Univention Bugzilla – Bug 52752
firefox-esr: Multiple issues (4.4)
Last modified: 2021-02-10 17:26:14 CET
New Debian firefox-esr 78.7.0esr-1~deb9u1 fixes: This update addresses the following issues: * HTTPS pages could have been intercepted by a registered service worker when they should not have been (CVE-2020-26976) * Cross-origin information leakage via redirected PDF requests (CVE-2021-23953) * Type confusion when using logical assignment operators in JavaScript switch statements (CVE-2021-23954) * Use-after-poison for incorrectly redeclared JavaScript variables during GC (CVE-2021-23960) * Memory safety bugs fixed in Firefox 85 and Firefox ESR 78.7 (CVE-2021-23964)
--- mirror/ftp/4.4/unmaintained/component/4.4-7-errata/source/firefox-esr_78.6.1esr-1~deb9u1.dsc +++ apt/ucs_4.4-0-errata4.4-7/source/firefox-esr_78.7.0esr-1~deb9u1.dsc @@ -1,3 +1,14 @@ +78.7.0esr-1~deb9u1 [Thu, 28 Jan 2021 13:20:54 +0100] Emilio Pozuelo Monfort <pochu@debian.org>: + + * Backport to stretch. + +78.7.0esr-1 [Wed, 27 Jan 2021 08:57:31 +0900] Mike Hommey <glandium@debian.org>: + + * New upstream release. + * Fixes for mfsa2021-04, also known as: + CVE-2021-23953, CVE-2021-23954, CVE-2020-26976, CVE-2021-23960, + CVE-2021-23964. + 78.6.1esr-1~deb9u1 [Thu, 07 Jan 2021 10:38:06 +0100] Emilio Pozuelo Monfort <pochu@debian.org>: * Backport to stretch. <http://10.200.17.11/4.4-7/#6402565180627142692>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.4-7] 50429df542 Bug #52752: firefox-esr 78.7.0esr-1~deb9u1 doc/errata/staging/firefox-esr.yaml | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x888>