Synopsis: Important: firefox security update Advisory ID: SLSA-2020:2827-1 Issue Date: 2020-07-07 CVE Numbers: None -- Security Fix(es): * Mozilla: Memory corruption due to missing sign-extension for ValueTags on ARM64 (CVE-2020-12417) * Mozilla: Information disclosure due to manipulated URL object (CVE-2020-12418) * Mozilla: Use-after-free in nsGlobalWindowInner (CVE-2020-12419) * Mozilla: Use-After-Free when trying to connect to a STUN server (CVE-2020-12420) * Mozilla: Add-On updates did not respect the same certificate trust rules as software updates (CVE-2020-12421) -- SL7 x86_64 firefox-68.10.0-1.el7_8.x86_64.rpm firefox-debuginfo-68.10.0-1.el7_8.x86_64.rpm firefox-68.10.0-1.el7_8.i686.rpm firefox-debuginfo-68.10.0-1.el7_8.i686.rpm - Scientific Linux Development Team