firefox (SL7)

Synopsis: Important: firefox security update
Advisory ID: SLSA-2021:0992-1
Issue Date: 2021-03-25
CVE Numbers: CVE-2021-23981

This update upgrades Firefox to version 78.9.0 ESR.

Security Fix(es):

* Mozilla: Texture upload into an unbound backing buffer resulted in an
out-of-bound read (CVE-2021-23981)

* Mozilla: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9

* Mozilla: Internal network hosts could have been probed by a malicious
webpage (CVE-2021-23982)

* Mozilla: Malicious extensions could have spoofed popup information

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE

– Scientific Linux Development Team