Errata overview
Errata ID: 661
Date: 2020-03-18
Source package: firefox-esr
Fixed in version: 68.6.0esr-1~deb9u1
Description
This update addresses the following issues:
* Out of bounds reads in sctp_load_addresses_from_init (CVE-2019-20503)
* Use-after-free when removing data about origins (CVE-2020-6805)
* BodyStream::OnInputStreamReady was missing protections against state
  confusion (CVE-2020-6806)
* Use-after-free in cubeb during stream destruction (CVE-2020-6807)
* Devtools' 'Copy as cURL' feature did not fully escape website-controlled
  data, potentially leading to command injection (CVE-2020-6811)
* The names of AirPods with personally identifiable information were exposed
  to websites with camera or microphone permission (CVE-2020-6812)
* Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6 (CVE-2020-6814)
Additional notes
CVE ID: CVE-2019-20503, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6811, CVE-2020-6812, CVE-2020-6814
UCS Bug number: #50941