RHSA-2020:4080-01 -- Redhat firefox
ID: oval:org.secpod.oval:def:504354 | Date: (C)2020-10-06 (M)2023-12-20 |
Class: PATCH | Family: unix |
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 78.3.0 ESR.

Security Fix:
* Mozilla: Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3
* Mozilla: Integer overflow in nsJPEGEncoder::emptyOutputBuffer
* Mozilla: X-Frame-Options bypass using object or embed tags
* Mozilla: Bypassing iframe sandbox when allowing popups
* Mozilla: Type confusion for special arguments in IonMonkey
* Mozilla: XSS when pasting attacker-controlled data into a contenteditable element
* Mozilla: Download origin spoofing via redirect
* Mozilla: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario
* Mozilla: WebRTC permission prompt could have been bypassed by a compromised content process
* Mozilla: Out of bound read in Date.parse
* Mozilla: Custom cursor can overlay user interface
* Mozilla: Overriding file type when saving to disk

For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

Bug Fix:
* Warnings displayed when removing Firefox package
Platform: Red Hat Enterprise Linux 7