ALT-PU-2021-1158-1
Package firefox-esr updated to version 78.7.0-alt1 for branch sisyphus in task 265286.
Closed vulnerabilities
BDU:2021-02087
Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с ошибкой преобразования типов, позволяющая нарушителю выполнить произвольный код
BDU:2021-02088
Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код
BDU:2021-02089
Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с включением функций из недостоверной контролируемой области, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2021-02090
Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с некорректной обработкой нулевых байтов или символов NULL при обмене данными, позволяющая нарушителю повысить свои привилегии или вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2020-26976
When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing. This vulnerability affects Firefox < 84.
- https://bugzilla.mozilla.org/show_bug.cgi?id=1674343
- https://bugzilla.mozilla.org/show_bug.cgi?id=1674343
- [debian-lts-announce] 20210202 [SECURITY] [DLA 2539-1] firefox-esr security update
- [debian-lts-announce] 20210202 [SECURITY] [DLA 2539-1] firefox-esr security update
- [debian-lts-announce] 20210202 [SECURITY] [DLA 2541-1] thunderbird security update
- [debian-lts-announce] 20210202 [SECURITY] [DLA 2541-1] thunderbird security update
- GLSA-202102-02
- GLSA-202102-02
- DSA-4840
- DSA-4840
- DSA-4842
- DSA-4842
- https://www.mozilla.org/security/advisories/mfsa2020-54/
- https://www.mozilla.org/security/advisories/mfsa2020-54/
Modified: 2024-11-21
CVE-2021-23953
If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.
- https://bugzilla.mozilla.org/show_bug.cgi?id=1683940
- https://bugzilla.mozilla.org/show_bug.cgi?id=1683940
- https://www.mozilla.org/security/advisories/mfsa2021-03/
- https://www.mozilla.org/security/advisories/mfsa2021-03/
- https://www.mozilla.org/security/advisories/mfsa2021-04/
- https://www.mozilla.org/security/advisories/mfsa2021-04/
- https://www.mozilla.org/security/advisories/mfsa2021-05/
- https://www.mozilla.org/security/advisories/mfsa2021-05/
Modified: 2024-11-21
CVE-2021-23954
Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.
- https://bugzilla.mozilla.org/show_bug.cgi?id=1684020
- https://bugzilla.mozilla.org/show_bug.cgi?id=1684020
- https://www.mozilla.org/security/advisories/mfsa2021-03/
- https://www.mozilla.org/security/advisories/mfsa2021-03/
- https://www.mozilla.org/security/advisories/mfsa2021-04/
- https://www.mozilla.org/security/advisories/mfsa2021-04/
- https://www.mozilla.org/security/advisories/mfsa2021-05/
- https://www.mozilla.org/security/advisories/mfsa2021-05/
Modified: 2024-11-21
CVE-2021-23960
Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.
- https://bugzilla.mozilla.org/show_bug.cgi?id=1675755
- https://bugzilla.mozilla.org/show_bug.cgi?id=1675755
- https://www.mozilla.org/security/advisories/mfsa2021-03/
- https://www.mozilla.org/security/advisories/mfsa2021-03/
- https://www.mozilla.org/security/advisories/mfsa2021-04/
- https://www.mozilla.org/security/advisories/mfsa2021-04/
- https://www.mozilla.org/security/advisories/mfsa2021-05/
- https://www.mozilla.org/security/advisories/mfsa2021-05/
Modified: 2024-11-21
CVE-2021-23964
Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1662507%2C1666285%2C1673526%2C1674278%2C1674835%2C1675097%2C1675844%2C1675868%2C1677590%2C1677888%2C1680410%2C1681268%2C1682068%2C1682938%2C1683736%2C1685260%2C1685925
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1662507%2C1666285%2C1673526%2C1674278%2C1674835%2C1675097%2C1675844%2C1675868%2C1677590%2C1677888%2C1680410%2C1681268%2C1682068%2C1682938%2C1683736%2C1685260%2C1685925
- https://www.mozilla.org/security/advisories/mfsa2021-03/
- https://www.mozilla.org/security/advisories/mfsa2021-03/
- https://www.mozilla.org/security/advisories/mfsa2021-04/
- https://www.mozilla.org/security/advisories/mfsa2021-04/
- https://www.mozilla.org/security/advisories/mfsa2021-05/
- https://www.mozilla.org/security/advisories/mfsa2021-05/