firefox-esr: Multiple vulnerabilities (CVE-2019-17016, CVE-2019-17017, CVE-2019-17022, CVE-2019-17024, CVE-2019-17026)
- CVE-2019-17016: Bypass of @namespace CSS sanitization during pasting
- CVE-2019-17017: Type Confusion in XPCVariant.cpp
- CVE-2019-17022: CSS sanitization does not escape HTML tags
- CVE-2019-17024: Memory safety bugs
Fixed In Version:
firefox-esr 68.4
Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-02/
CVE-2019-17026: IonMonkey type confusion with StoreElementHole and FallibleStoreElement
Fixed In Version:
firefox-esr 68.4.1
Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/
Affected branches:
- master
- 3.11-stable (ed2c5b48)