CESA-2020:0816 -- centos 6 firefoxID: oval:org.secpod.oval:def:205466 | Date: (C)2020-04-23 (M)2023-12-20 |
Class: PATCH | Family: unix |
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.6.0 ESR. Security Fix: * Mozilla: Use-after-free when removing data about origins * Mozilla: BodyStream::OnInputStreamReady was missing protections against state confusion * Mozilla: Use-after-free in cubeb during stream destruction * Mozilla: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6 * Mozilla: Out of bounds reads in sctp_load_addresses_from_init * Mozilla: Devtools" "Copy as cURL" feature did not fully escape website-controlled data, potentially leading to command injection * Mozilla: The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.