March 10, 2020 Andrey Cherepanov 68.6.0-alt1
- New ESR version (68.6.0).
- Fix license tag according to SPDX.
- Fixed:
+ CVE-2020-6805 Use-after-free when removing data about origins
+ CVE-2020-6806 BodyStream::OnInputStreamReady was missing protections against state confusion
+ CVE-2020-6807 Use-after-free in cubeb during stream destruction
+ CVE-2020-6811 Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection
+ CVE-2019-20503 Out of bounds reads in sctp_load_addresses_from_init
+ CVE-2020-6812 The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission
+ CVE-2020-6814 Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6