firefox-esr: Multiple vulnerabilities (CVE-2020-12417, CVE-2020-12418, CVE-2020-12419, CVE-2020-12420, CVE-2020-12421)
- CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64
- CVE-2020-12418: Information disclosure due to manipulated URL object
- CVE-2020-12419: Use-after-free in nsGlobalWindowInner
- CVE-2020-12420: Use-After-Free when trying to connect to a STUN server
- CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates
Fixed In Version:
Firefox ESR 68.10
Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/
Affected branches:
- master
- 3.12-stable