Synopsis: Important: firefox security update
Advisory ID: SLSA-2020:5257-1
Issue Date: 2020-11-30
CVE Numbers: CVE-2020-26951
CVE-2020-16012
CVE-2020-26953
CVE-2020-26956
CVE-2020-26958
CVE-2020-26959
CVE-2020-26960
CVE-2020-26961
CVE-2020-26965
CVE-2020-26968
—
This update upgrades Firefox to version 78.5.0 ESR.
Security Fix(es):
* Mozilla: Parsing mismatches could confuse and bypass security sanitizer
for chrome privileged code (CVE-2020-26951)
* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5
(CVE-2020-26968)
* Mozilla: Variable time processing of cross-origin images during
drawImage calls (CVE-2020-16012)
* Mozilla: Fullscreen could be enabled without displaying the security UI
(CVE-2020-26953)
* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)
* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type
restrictions (CVE-2020-26958)
* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)
* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)
* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)
* Mozilla: Software keyboards may have remembered typed passwords
(CVE-2020-26965)
—
SL6
x86_64
firefox-78.5.0-1.el6_10.x86_64.rpm
i386
firefox-78.5.0-1.el6_10.i686.rpm
– Scientific Linux Development Team
