| Errata ID | 649 |
|---|---|
| Date | 2020-07-08 |
| Source package | firefox-esr |
| Fixed in version | 68.10.0esr-1~deb9u1 |
| Description | This update addresses the following issues: * Memory corruption due to missing sign-extension for ValueTags on ARM64 (CVE-2020-12417) * Information disclosure due to manipulated URL object (CVE-2020-12418) * Use-after-free in nsGlobalWindowInner (CVE-2020-12419) * Use-After-Free when trying to connect to a STUN server (CVE-2020-12420) * Add-On updates did not respect the same certificate trust rules as software updates (CVE-2020-12421) |
| Additional notes | |
| CVE ID | CVE-2020-12417 CVE-2020-12418 CVE-2020-12419 CVE-2020-12420 CVE-2020-12421 |
| UCS Bug number | #51615 |
