Subject: CVS commit: [pkgsrc-2020Q3] pkgsrc/www/firefox78
From: Benny Siegert
Date: 2020-12-19 21:38:04
Message id: 20201219203804.B1060FA9D@cvs.NetBSD.org
Log Message:
Pullup ticket #6385 - requested by nia
www/firefox78: security fix

Revisions pulled up:
- www/firefox78/Makefile                                        1.14
- www/firefox78/distinfo                                        1.7

---
   Module Name:	pkgsrc
   Committed By:	nia
   Date:		Thu Dec 17 13:24:30 UTC 2020

   Modified Files:
   	pkgsrc/www/firefox78: Makefile distinfo

   Log Message:
   firefox78: Update to 78.6.0

   Security Vulnerabilities fixed in Firefox ESR 78.6

   #CVE-2020-16042: Operations on a BigInt could have caused uninitialized
   memory to be exposed

   #CVE-2020-26971: Heap buffer overflow in WebGL

   #CVE-2020-26973: CSS Sanitizer performed incorrect sanitization

   #CVE-2020-26974: Incorrect cast of StyleGenericFlexBasis resulted in a heap
   use-after-free

   #CVE-2020-26978: Internal network hosts could have been probed by a
   malicious webpage

   #CVE-2020-35111: The proxy.onRequest API did not catch view-source URLs

   #CVE-2020-35112: Opening an extension-less download may have inadvertently
   launched an executable instead

   #CVE-2020-35113: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6
Files:
RevisionActionfile
1.6.2.3modifypkgsrc/www/firefox78/Makefile
1.3.2.3modifypkgsrc/www/firefox78/distinfo