Пакет firefox-esr: Информация

The Mozilla Firefox project is a redesign of Mozilla's browser component,
written using the XUL user interface language and designed to be
cross-platform.
- New ESR version (68.6.0).
- Fix license tag according to SPDX.
- Fixed:
  + CVE-2020-6805 Use-after-free when removing data about origins
  + CVE-2020-6806 BodyStream::OnInputStreamReady was missing protections against state confusion
  + CVE-2020-6807 Use-after-free in cubeb during stream destruction
  + CVE-2020-6811 Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection
  + CVE-2019-20503 Out of bounds reads in sctp_load_addresses_from_init
  + CVE-2020-6812 The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission
  + CVE-2020-6814 Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6
- New ESR version (68.5.0).
- Fixed:
  + CVE-2020-6796 Missing bounds check on shared memory read in the parent process
  + CVE-2020-6797 Extensions granted downloads.open permission could open arbitrary applications on Mac OSX
  + CVE-2020-6798 Incorrect parsing of template tag could result in JavaScript injection
  + CVE-2020-6799 Arbitrary code execution when opening pdf links from other applications, when Firefox is configured as default pdf reader
  + CVE-2020-6800 Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5
- New ESR version (68.4.2).
- Bugs fixed:
  + Fixed various issues opening files with spaces in their path (bug 1601905, bug 1602726).

Пакет firefox-esr: Информация

Последнее изменение