| Errata ID | 590 |
|---|---|
| Date | 2020-05-13 |
| Source package | firefox-esr |
| Fixed in version | 68.8.0esr-1~deb9u1 |
| Description | This update addresses the following issues: * Use-after-free while running the nsDocShell destructor (CVE-2020-6819) * Use-after-free when handling a ReadableStream (CVE-2020-6820) * Uninitialized memory could be read when using the WebGL copyTexSubImage method (CVE-2020-6821) * Out of bounds write in GMPDecodeData when processing large images (CVE-2020-6822) * Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 (CVE-2020-6825) * Buffer overflow in AUTH chunk input validation (CVE-2020-6831) * Use-after-free during worker shutdown (CVE-2020-12387) * Arbitrary local file access with 'Copy as cURL' (CVE-2020-12392) * Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 (CVE-2020-12395) |
| Additional notes | |
| CVE ID | CVE-2020-6819 CVE-2020-6820 CVE-2020-6821 CVE-2020-6822 CVE-2020-6825 CVE-2020-6831 CVE-2020-12387 CVE-2020-12392 CVE-2020-12395 |
| UCS Bug number | #51265 |
