File _patchinfo of Package patchinfo.16572
<patchinfo incident="16572">
<issue tracker="bnc" id="1175686">VUL-0: MozillaFirefox,MozillaThunderbird: Update to 78.2.0 ESR /80 /68.12 (MFSA 2020-38, MFSA 2020-36, MFSA 2020-40)</issue>
<issue tracker="bnc" id="1176756">VUL-0: CVE-2020-15675,CVE-2020-15677,CVE-2020-15676,CVE-2020-15678,CVE-2020-15673: MozillaFirefox: Update to 78.3.0 ESR / 81.0</issue>
<issue tracker="bnc" id="1167976">Default install of Tumbleweed; Firefox starts out with Taiwanese bookmarks</issue>
<issue tracker="bnc" id="1174284">Firefox tab just crashed in FIPS mode</issue>
<issue tracker="bnc" id="1173986">MozillaFirefox - langpack build takes long time</issue>
<issue tracker="bnc" id="1174420">Firefox 78 ESR menu is displaced when running Gnome on Wayland</issue>
<issue tracker="bnc" id="1173991">Firefox translations not available after reinstalling MozillaFirefox-translations-common</issue>
<issue tracker="cve" id="2020-15676"/>
<issue tracker="cve" id="2020-15664"/>
<issue tracker="cve" id="2020-15678"/>
<issue tracker="cve" id="2020-15670"/>
<issue tracker="cve" id="2020-15673"/>
<issue tracker="cve" id="2020-15663"/>
<issue tracker="cve" id="2020-15677"/>
<packager>MSirringhaus</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for MozillaFirefox</summary>
<description>This update for MozillaFirefox fixes the following issues:
- Firefox was updated to 78.3.0 ESR (bsc#1176756, MFSA 2020-43)
  - CVE-2020-15677: Download origin spoofing via redirect
  - CVE-2020-15676: Fixed an XSS when pasting attacker-controlled data into a
    contenteditable element
  - CVE-2020-15678: When recursing through layers while scrolling, an iterator
    may have become invalid, resulting in a potential use-after-free scenario
  - CVE-2020-15673: Fixed memory safety bugs
- Enhance fix for Wayland detection (bsc#1174420)
- Attempt to fix langpack-parallelization by introducing separate
  obj-dirs for each lang (bsc#1173986, bsc#1167976)
- Firefox was updated to 78.2.0 ESR (bsc#1175686, MFSA 2020-38)
  - CVE-2020-15663: Downgrade attack on the Mozilla Maintenance Service could
    have resulted in escalation of privilege
  - CVE-2020-15664: Attacker-induced prompt for extension installation
  - CVE-2020-15670: Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2
- Fixed Firefox tab crash in FIPS mode (bsc#1174284).
- Fixed broken translation-loading (bsc#1173991)
- allow addon sideloading
- mark signatures for langpacks non-mandatory
- do not autodisable user profile scopes
- Google API key is not usable for geolocation service any more
</description>
</patchinfo>