Package firefox-esr updated to version 78.6.1-alt1 for branch sisyphus in task 264363.

Published: 2021-01-05

BDU:2021-01665

Уязвимость реализации блока COOKIE-ECHO расширения WebRTC браузеров Google Chrome, Mozilla Firefox, Firefox ESR и Firefox for Android, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: HIGH (7.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

References:

CVE-2020-16044
MFSA 2021-01

Published: 2021-02-09
Modified: 2024-11-21

CVE-2020-16044

Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html
https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html
https://crbug.com/1163228
https://crbug.com/1163228

Version: 2.1.0

Package firefox-esr update in sisyphus on 2021-01-07

ALT-PU-2021-1008-1

Closed vulnerabilities

BDU:2021-01665

CVE-2020-16044