Overview

File _patchinfo of Package patchinfo.14092

<patchinfo incident="14092">
  <issue tracker="bnc" id="1163368">VUL-0: MozillaFirefox,MozillaThunderbird: 68.5ESR / 73 release</issue>
  <issue tracker="cve" id="2020-6798"/>
  <issue tracker="cve" id="2020-6797"/>
  <issue tracker="cve" id="2020-6796"/>
  <issue tracker="cve" id="2020-6799"/>
  <issue tracker="cve" id="2020-6800"/>
  <packager>cgrobertson</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaFirefox</summary>
  <description>This update for MozillaFirefox fixes the following issues:

- Firefox Extended Support Release 68.5.0 ESR
  * Fixed: Various stability and security fixes
- Mozilla Firefox ESR68.5
  MFSA 2020-06 (bsc#1163368)
  * CVE-2020-6796 (bmo#1610426)
    Missing bounds check on shared memory read in the parent
    process
  * CVE-2020-6797 (bmo#1596668)
    Extensions granted downloads.open permission could open
    arbitrary applications on Mac OSX
  * CVE-2020-6798 (bmo#1602944)
    Incorrect parsing of template tag could result in JavaScript
    injection
  * CVE-2020-6799 (bmo#1606596)
    Arbitrary code execution when opening pdf links from other
    applications, when Firefox is configured as default pdf
    reader
  * CVE-2020-6800 (bmo#1595786, bmo#1596706, bmo#1598543,
    bmo#1604851, bmo#1605777, bmo#1608580, bmo#1608785)
    Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places