Mozilla sent Firefox Version 78.0.1 to the release channel today due the rollout of Version 78.0 needing to be stopped because of a bug that some users of the browser experienced after installation of the new version.
In addition, the security updates that were included in version 78.0 were finally published. That update included thirteen (13) security updates of which seven are high, four are moderate and two low in severity.
High
- #CVE-2020-12415: AppCache manifest poisoning due to url encoded character processing
- #CVE-2020-12416: Use-after-free in WebRTC VideoBroadcaster
- #CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64
- #CVE-2020-12418: Information disclosure due to manipulated URL object
- #CVE-2020-12419: Use-after-free in nsGlobalWindowInner
- #CVE-2020-12420: Use-After-Free when trying to connect to a STUN server
- #CVE-2020-12426: Memory safety bugs fixed in Firefox 78
Moderate
- #CVE-2020-12402: RSA Key Generation vulnerable to side-channel attack
- #CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates
- #CVE-2020-12422: Integer overflow in nsJPEGEncoder::emptyOutputBuffer
- #CVE-2020-12423: DLL Hijacking due to searching %PATH% for a library
Low
- #CVE-2020-12424: WebRTC permission prompt could have been bypassed by a compromised content process
- #CVE-2020-12425: Out of bound read in Date.parse()
New
- Fixed an issue which could cause installed search engines to not be visible when upgrading from a previous release.
No comments:
Post a Comment
Neither spam nor comments containing vulgarities will be approved.