July 4, 2020 Alexey Gladkov 78.0.1-alt1
- New release (78.0.1).
- Fixes:
+ CVE-2020-12415: AppCache manifest poisoning due to url encoded character processing
+ CVE-2020-12416: Use-after-free in WebRTC VideoBroadcaster
+ CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64
+ CVE-2020-12418: Information disclosure due to manipulated URL object
+ CVE-2020-12419: Use-after-free in nsGlobalWindowInner
+ CVE-2020-12420: Use-After-Free when trying to connect to a STUN server
+ CVE-2020-12402: RSA Key Generation vulnerable to side-channel attack
+ CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates
+ CVE-2020-12422: Integer overflow in nsJPEGEncoder::emptyOutputBuffer
+ CVE-2020-12423: DLL Hijacking due to searching %PATH% for a library
+ CVE-2020-12424: WebRTC permission prompt could have been bypassed by a compromised content process
+ CVE-2020-12425: Out of bound read in Date.parse()
+ CVE-2020-12426: Memory safety bugs fixed in Firefox 78