firefox-esr: Multiple vulnerabilities (CVE-2020-16042, CVE-2020-26971, CVE-2020-26973, CVE-2020-26974, CVE-2020-26978, CVE-2020-35111, CVE-2020-35113)
- CVE-2020-16042: Operations on a BigInt could have caused uninitialized memory to be exposed
- CVE-2020-26971: Heap buffer overflow in WebGL
- CVE-2020-26973: CSS Sanitizer performed incorrect sanitization
- CVE-2020-26974: Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free
- CVE-2020-26978: Internal network hosts could have been probed by a malicious webpage
- CVE-2020-35111: The proxy.onRequest API did not catch view-source URLs
- CVE-2020-35113: Memory safety bugs
Fixed In Version:
Firefox ESR 78.6
Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-55/
Affected branches:
- master
- 3.12-stable