Changelog:
Security fixes:
#CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an
out-of-bound read
#CVE-2021-23982: Internal network hosts could have been probed by a malicious
webpage
#CVE-2021-23984: Malicious extensions could have spoofed popup information
#CVE-2021-23987: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
Security Vulnerabilities fixed in Firefox ESR 78.8
#CVE-2021-23969: Content Security Policy violation report could have
contained the destination of a redirect
#CVE-2021-23968: Content Security Policy violation report could have
contained the destination of a redirect
#CVE-2021-23973: MediaError message property could have leaked
information about cross-origin resources
#CVE-2021-23978: Memory safety bugs fixed in Firefox 86 and Firefox ESR
78.8
Changelog:
Fixed
Security fix
Prevent access to NTFS special paths that could lead to filesystem corruption.
Security fix:
#MOZ-2021-0001: Buffer overflow in depth pitch calculations for compressed textures
Changelog:
* Fix: Fixed a crash during video playback on Apple Silicon devices (bug 1683579)
* Secrity fix:
#CVE-2020-16044: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk
Security Vulnerabilities fixed in Firefox ESR 78.6
#CVE-2020-16042: Operations on a BigInt could have caused uninitialized
memory to be exposed
#CVE-2020-26971: Heap buffer overflow in WebGL
#CVE-2020-26973: CSS Sanitizer performed incorrect sanitization
#CVE-2020-26974: Incorrect cast of StyleGenericFlexBasis resulted in a heap
use-after-free
#CVE-2020-26978: Internal network hosts could have been probed by a
malicious webpage
#CVE-2020-35111: The proxy.onRequest API did not catch view-source URLs
#CVE-2020-35112: Opening an extension-less download may have inadvertently
launched an executable instead
#CVE-2020-35113: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6
Security Vulnerabilities fixed in Firefox ESR 78.5
#CVE-2020-26951: Parsing mismatches could confuse and bypass security
sanitizer for chrome privileged code
#CVE-2020-16012: Variable time processing of cross-origin images during
drawImage calls
#CVE-2020-26953: Fullscreen could be enabled without displaying the security
UI
#CVE-2020-26956: XSS through paste (manual and clipboard API)
#CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME
type restrictions
#CVE-2020-26959: Use-after-free in WebRequestService
#CVE-2020-26960: Potential use-after-free in uses of nsTArray
#CVE-2020-15999: Heap buffer overflow in freetype
#CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses
#CVE-2020-26965: Software keyboards may have remembered typed passwords
#CVE-2020-26966: Single-word search queries were also broadcast to local
network
#CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5
Security Vulnerabilities fixed in Firefox 82.0.3, Firefox ESR 78.4.1, and Thunderbird 78.4.2
#CVE-2020-26950: Write side effects in MCallGetProperty opcode not accounted for
Security Vulnerabilities fixed in Firefox ESR 78.3
#CVE-2020-15677: Download origin spoofing via redirect
#CVE-2020-15676: XSS when pasting attacker-controlled data into a
contenteditable element
#CVE-2020-15678: When recursing through layers while scrolling, an iterator
may have become invalid, resulting in a potential use-after-free scenario
#CVE-2020-15673: Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3
Security Vulnerabilities fixed in Firefox ESR 78.2
#CVE-2020-15663: Downgrade attack on the Mozilla Maintenance Service could
have resulted in escalation of privilege
Note: This issue only affected Windows operating systems.
Other operating systems are unaffected.
#CVE-2020-15664: Attacker-induced prompt for extension installation
#CVE-2020-15670: Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2
Mozilla Firefox is a free, open-source and cross-platform web browser
for Windows, Linux, MacOS X and many other operating systems.
It is fast and easy to use, and offers many advantages over other web
browsers, such as tabbed browsing and the ability to block pop-up
windows.
Firefox also offers excellent bookmark and history management, and it
can be extended by developers using industry standards such as XML,
CSS, JavaScript, C++, etc. Many extensions are available.
This package provides Firefox 78 ESR.
