firefox-esr: Multiple vulnerabilities (CVE-2021-23953, CVE-2021-23954, CVE-2021-23960, CVE-2021-23964, CVE-2020-26976)
- CVE-2021-23953: Cross-origin information leakage via redirected PDF requests
- CVE-2021-23954: Type confusion when using logical assignment operators in JavaScript switch statements
- CVE-2021-23960: Use-after-poison for incorrectly redeclared JavaScript variables during GC
- CVE-2021-23964: Memory safety bugs
- CVE-2020-26976: HTTPS pages could have been intercepted by a registered service worker when they should not have been
Fixed In Version:
Firefox ESR 78.7
Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-04/