SCIENTIFIC-LINUX-ERRATA Archives

November 2020

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Pat Riehecky
Date: Mon, 30 Nov 2020 16:13:54 -0000
Synopsis:          Important: firefox security update
Advisory ID:       SLSA-2020:5239-1
Issue Date:        2020-11-30
CVE Numbers:       CVE-2020-26951
                   CVE-2020-16012
                   CVE-2020-26953
                   CVE-2020-26956
                   CVE-2020-26958
                   CVE-2020-26959
                   CVE-2020-26960
                   CVE-2020-26961
                   CVE-2020-26965
                   CVE-2020-26968
--

This update upgrades Firefox to version 78.5.0 ESR.

Security Fix(es):

* Mozilla: Parsing mismatches could confuse and bypass security sanitizer
for chrome privileged code (CVE-2020-26951)

* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5
(CVE-2020-26968)

* Mozilla: Variable time processing of cross-origin images during
drawImage calls (CVE-2020-16012)

* Mozilla: Fullscreen could be enabled without displaying the security UI
(CVE-2020-26953)

* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)

* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type
restrictions (CVE-2020-26958)

* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)

* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)

* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)

* Mozilla: Software keyboards may have remembered typed passwords
(CVE-2020-26965)
--

SL7
  x86_64
    firefox-78.5.0-1.el7_9.x86_64.rpm 


- Scientific Linux Development Team
