SUSE-SU-2020:3458-1 -- SLES MozillaFirefoxID: oval:org.secpod.oval:def:89050465 | Date: (C)2023-10-10 (M)2024-02-19 |
Class: PATCH | Family: unix |
This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.5.0 ESR * CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code * CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls * CVE-2020-26953: Fullscreen could be enabled without displaying the security UI * CVE-2020-26956: XSS through paste * CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions * CVE-2020-26959: Use-after-free in WebRequestService * CVE-2020-26960: Potential use-after-free in uses of nsTArray * CVE-2020-15999: Heap buffer overflow in freetype * CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses * CVE-2020-26965: Software keyboards may have remembered typed passwords * CVE-2020-26966: Single-word search queries were also broadcast to local network * CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5
Platform: |
SUSE Linux Enterprise Desktop 15 SP2 |