Subject: CVS commit: pkgsrc/www/firefox78
From: Nia Alarie
Date: 2020-11-18 13:33:45
Message id: 20201118123345.B571BFA9D@cvs.NetBSD.org
Log Message:
firefox78: Update to 78.5.0

Security Vulnerabilities fixed in Firefox ESR 78.5

    #CVE-2020-26951: Parsing mismatches could confuse and bypass security
    sanitizer for chrome privileged code

    #CVE-2020-16012: Variable time processing of cross-origin images during
    drawImage calls

    #CVE-2020-26953: Fullscreen could be enabled without displaying the security
    UI

    #CVE-2020-26956: XSS through paste (manual and clipboard API)

    #CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME
    type restrictions

    #CVE-2020-26959: Use-after-free in WebRequestService

    #CVE-2020-26960: Potential use-after-free in uses of nsTArray

    #CVE-2020-15999: Heap buffer overflow in freetype

    #CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses

    #CVE-2020-26965: Software keyboards may have remembered typed passwords

    #CVE-2020-26966: Single-word search queries were also broadcast to local
    network

    #CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5
Files:
RevisionActionfile
1.13modifypkgsrc/www/firefox78/Makefile
1.6modifypkgsrc/www/firefox78/distinfo