SUSE-SU-2020:14456-1 -- SLES MozillaFirefoxID: oval:org.secpod.oval:def:89000517 | Date: (C)2021-02-24 (M)2024-02-19 |
Class: PATCH | Family: unix |
This update for MozillaFirefox fixes the following issues: - Fix broken translation-loading * allow addon sideloading * mark signatures for langpacks non-mandatory * do not autodisable user profile scopes - Google API key is not usable for geolocation service any more - Mozilla Firefox 78.1 ESR * Fixed: Various stability, functionality, and security fixe . * CVE-2020-15652 Potential leak of redirect targets when loading scripts in a worker * CVE-2020-6514 WebRTC data channel leaks internal address to peer * CVE-2020-15655 Extension APIs could be used to bypass Same-Origin Policy * CVE-2020-15653 Bypassing iframe sandbox when allowing popups * CVE-2020-6463 Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture * CVE-2020-15656 Type confusion for special arguments in IonMonkey * CVE-2020-15658 Overriding file type when saving to disk * CVE-2020-15657 DLL hijacking due to incorrect loading path * CVE-2020-15654 Custom cursor can overlay user interface * CVE-2020-15659 Memory safety bugs fixed in Firefox 79 and Firefox ESR 78.1 - Add sle11-icu-generation-python3.patch to fix icu-generation on big endian platforms - Mozilla Firefox 78.0.2 ESR * MFSA 2020-28 * MFSA-2020-0003 X-Frame-Options bypass using object or embed tags * Fixed: Fixed an accessibility regression in reader mode * Fixed: Made the address bar more resilient to data corruption in the user profile * Fixed: Fixed a regression opening certain external applications
Platform: |
SUSE Linux Enterprise Server 11 SP4 |