File _patchinfo of Package patchinfo.17248

<patchinfo incident="17248">
  <issue tracker="bnc" id="1178824">VUL-0: MozillaFirefox: update to 78.5.0 ESR / 83.0 (MFSA 2020-50, MFSA 2020-51)</issue>
  <issue tracker="cve" id="2020-26965"/>
  <issue tracker="cve" id="2020-26951"/>
  <issue tracker="cve" id="2020-26956"/>
  <issue tracker="cve" id="2020-26968"/>
  <issue tracker="cve" id="2020-26953"/>
  <issue tracker="cve" id="2020-26961"/>
  <issue tracker="cve" id="2020-26958"/>
  <issue tracker="cve" id="2020-26959"/>
  <issue tracker="cve" id="2020-16012"/>
  <issue tracker="cve" id="2020-15999"/>
  <issue tracker="cve" id="2020-26966"/>
  <issue tracker="cve" id="2020-26960"/>
  <packager>MSirringhaus</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaFirefox</summary>
  <description>This update for MozillaFirefox fixes the following issues:

- Firefox Extended Support Release 78.5.0 ESR (bsc#1178824)
  * CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code
  * CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls
  * CVE-2020-26953: Fullscreen could be enabled without displaying the security UI
  * CVE-2020-26956: XSS through paste (manual and clipboard API)
  * CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions
  * CVE-2020-26959: Use-after-free in WebRequestService
  * CVE-2020-26960: Potential use-after-free in uses of nsTArray
  * CVE-2020-15999: Heap buffer overflow in freetype
  * CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses
  * CVE-2020-26965: Software keyboards may have remembered typed passwords
  * CVE-2020-26966: Single-word search queries were also broadcast to local network
  * CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5
</description>
</patchinfo>