firefox (SL7)

By Scientific Linux Team on December 17, 2020

Synopsis: Important: firefox security update
Advisory ID: SLSA-2020:5561-1
Issue Date: 2020-12-17
CVE Numbers: CVE-2020-16042
CVE-2020-26971
CVE-2020-26973
CVE-2020-26974
CVE-2020-26978
CVE-2020-35111
CVE-2020-35113

Security Fix(es):

* chromium-browser: Uninitialized Use in V8 (CVE-2020-16042)

* Mozilla: Heap buffer overflow in WebGL (CVE-2020-26971)

* Mozilla: CSS Sanitizer performed incorrect sanitization (CVE-2020-26973)

* Mozilla: Incorrect cast of StyleGenericFlexBasis resulted in a heap
use-after-free (CVE-2020-26974)

* Mozilla: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6
(CVE-2020-35113)

* Mozilla: Internal network hosts could have been probed by a malicious
webpage (CVE-2020-26978)

* Mozilla: The proxy.onRequest API did not catch view-source URLs
(CVE-2020-35111)

SL7
x86_64
firefox-78.6.0-1.el7_9.x86_64.rpm
firefox-debuginfo-78.6.0-1.el7_9.x86_64.rpm
firefox-78.6.0-1.el7_9.i686.rpm

– Scientific Linux Development Team