RHSA-2020:5237-01 -- Centos firefoxID: oval:org.secpod.oval:def:68016 | Date: (C)2020-12-23 (M)2024-02-19 |
Class: PATCH | Family: unix |
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.5.0 ESR. Security Fix: * Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code * Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 * Mozilla: Variable time processing of cross-origin images during drawImage calls * Mozilla: Fullscreen could be enabled without displaying the security UI * Mozilla: XSS through paste * Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions * Mozilla: Use-after-free in WebRequestService * Mozilla: Potential use-after-free in uses of nsTArray * Mozilla: DoH did not filter IPv4 mapped IP Addresses * Mozilla: Software keyboards may have remembered typed passwords For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.