AVG-1362 log

Package firefox
Status Fixed
Severity High
Type multiple issues
Affected 83.0-2
Fixed 84.0-1
Current 92.0.1-1 [extra]
Ticket None
Created Tue Dec 15 16:48:51 2020
Issue Severity Remote Type Description
CVE-2020-35114 High Yes Arbitrary code execution
Mozilla developers Christian Holler, Jan-Ivar Bruaroey, and Gabriele Svelto reported memory safety bugs present in Firefox 83. Some of these bugs showed...
CVE-2020-35113 High Yes Arbitrary code execution
Mozilla developer Christian Holler reported memory safety bugs present in Firefox 83, Firefox ESR 78.5 and Thunderbird 78.5. Some of these bugs showed...
CVE-2020-35111 Low Yes Information disclosure
A security issue was discovered in Firefox before 84.0 and Thunderbird before 78.6. When an extension with the proxy permission registered to receive...
CVE-2020-26979 Low Yes Content spoofing
A security issue was discovered in Firefox before 84.0. When a user typed a URL in the address bar or the search bar and quickly hit the enter key, a...
CVE-2020-26978 Medium Yes Information disclosure
A security issue was discovered in Firefox before 84.0 and Thunderbird before 78.6. Using techniques that built on the slipstream research, a malicious...
CVE-2020-26976 Medium Yes Information disclosure
A security issue was found in Firefox before 84.0. When an HTTPS page was embedded in an HTTP page, and there was a service worker registered for the...
CVE-2020-26974 High Yes Arbitrary code execution
A security issue was found in Firefox before 84.0 and Thunderbird before 78.6. When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object...
CVE-2020-26973 High Yes Content spoofing
A security issue was found in Firefox before 84.0 and Thunderbird before 78.6 where certain input to the CSS Sanitizer confused it, resulting in incorrect...
CVE-2020-26972 High Yes Arbitrary code execution
A security issue was found in Firefox before 84.0. The lifecycle of IPC Actors allows managed actors to outlive their manager actors; and the former must...
CVE-2020-26971 High Yes Arbitrary code execution
A security issue was found in Firefox before 84.0 and Thunderbird before 78.6 where certain blit values provided by the user were not properly constrained,...
CVE-2020-16042 High Yes Information disclosure
An uninitialized use security issue has been found in the V8 component of the chromium browser before version 87.0.4280.88 and Firefox before 84.0.
Date Advisory Package Type
16 Dec 2020 ASA-202012-25 firefox multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/