Lucene search

K
altlinuxHttps://packages.altlinux.org/en/sisyphus/security/9EBA33CBA051F66D80E8766F6A1196B8
HistoryMar 10, 2020 - 12:00 a.m.

Security fix for the ALT Linux 10 package firefox-esr version 68.6.0-alt1

2020-03-1000:00:00
https://packages.altlinux.org/en/sisyphus/security/
packages.altlinux.org
15
alt linux 10
firefox-esr
security fix
cve-2020-6805
cve-2020-6806
cve-2020-6807
cve-2020-6811
cve-2019-20503
cve-2020-6812
cve-2020-6814
march 10 2020
andrey cherepanov
esr version 68.6.0
command injection
memory safety bugs
out of bounds reads
personally identifiable information
state confusion
stream destruction

EPSS

0.526

Percentile

97.6%

March 10, 2020 Andrey Cherepanov 68.6.0-alt1

- New ESR version (68.6.0).
- Fix license tag according to SPDX.
- Fixed:
  + CVE-2020-6805 Use-after-free when removing data about origins
  + CVE-2020-6806 BodyStream::OnInputStreamReady was missing protections against state confusion
  + CVE-2020-6807 Use-after-free in cubeb during stream destruction
  + CVE-2020-6811 Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection
  + CVE-2019-20503 Out of bounds reads in sctp_load_addresses_from_init
  + CVE-2020-6812 The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission
  + CVE-2020-6814 Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6