Subject: CVS commit: pkgsrc/www/firefox78
From: Nia Alarie
Date: 2020-12-17 14:24:30
Message id: 20201217132430.BACE1FA9D@cvs.NetBSD.org
Log Message:
firefox78: Update to 78.6.0

Security Vulnerabilities fixed in Firefox ESR 78.6

#CVE-2020-16042: Operations on a BigInt could have caused uninitialized
memory to be exposed

#CVE-2020-26971: Heap buffer overflow in WebGL

#CVE-2020-26973: CSS Sanitizer performed incorrect sanitization

#CVE-2020-26974: Incorrect cast of StyleGenericFlexBasis resulted in a heap
use-after-free

#CVE-2020-26978: Internal network hosts could have been probed by a
malicious webpage

#CVE-2020-35111: The proxy.onRequest API did not catch view-source URLs

#CVE-2020-35112: Opening an extension-less download may have inadvertently
launched an executable instead

#CVE-2020-35113: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6
Files:
RevisionActionfile
1.14modifypkgsrc/www/firefox78/Makefile
1.7modifypkgsrc/www/firefox78/distinfo