Пакет firefox: Информация

- New release (83.0).
- Security fixes:
  + CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code
  + CVE-2020-26952: Out of memory handling of JITed, inlined functions could lead to a memory corruption
  + CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls
  + CVE-2020-26953: Fullscreen could be enabled without displaying the security UI
  + CVE-2020-26954: Local spoofing of web manifests for arbitrary pages in Firefox for Android
  + CVE-2020-26955: Cookies set during file downloads are shared between normal and Private Browsing Mode in Firefox for Android
  + CVE-2020-26956: XSS through paste (manual and clipboard API)
  + CVE-2020-26957: OneCRL was not working in Firefox for Android
  + CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions
  + CVE-2020-26959: Use-after-free in WebRequestService
  + CVE-2020-26960: Potential use-after-free in uses of nsTArray
  + CVE-2020-15999: Heap buffer overflow in freetype
  + CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses
  + CVE-2020-26962: Cross-origin iframes supported login autofill
  + CVE-2020-26963: History and Location interfaces could have been used to hang the browser
  + CVE-2020-26964: Firefox for Android's Remote Debugging via USB could have been abused by untrusted apps on older versions of Android
  + CVE-2020-26965: Software keyboards may have remembered typed passwords
  + CVE-2020-26966: Single-word search queries were also broadcast to local network
  + CVE-2020-26967: Mutation Observers could break or confuse Firefox Screenshots feature
  + CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5
  + CVE-2020-26969: Memory safety bugs fixed in Firefox 83

- New release (82.0.3).
- Security fixes:
  + CVE-2020-26950: Write side effects in MCallGetProperty opcode not accounted for

- New release (82.0.1).