Synopsis: Important: firefox security update Advisory ID: SLSA-2021:0290-1 Issue Date: 2021-01-27 CVE Numbers: CVE-2021-23953 CVE-2021-23954 CVE-2020-26976 CVE-2021-23960 CVE-2021-23964 -- This update upgrades Firefox to version 78.7.0 ESR. Security Fix(es): * Mozilla: Cross-origin information leakage via redirected PDF requests (CVE-2021-23953) * Mozilla: Type confusion when using logical assignment operators in JavaScript switch statements (CVE-2021-23954) * Mozilla: Memory safety bugs fixed in Firefox 85 and Firefox ESR 78.7 (CVE-2021-23964) * Mozilla: HTTPS pages could have been intercepted by a registered service worker when they should not have been (CVE-2020-26976) * Mozilla: Use-after-poison for incorrectly redeclared JavaScript variables during GC (CVE-2021-23960) -- SL7 x86_64 firefox-78.7.0-2.el7_9.x86_64.rpm firefox-debuginfo-78.7.0-2.el7_9.x86_64.rpm firefox-78.7.0-2.el7_9.i686.rpm - Scientific Linux Development Team