#14464: firefox-78.6.1 and js-78.6.1
-------------------------+------------------------
Reporter: bdubbs | Owner: blfs-book
Type: enhancement | Status: new
Priority: high | Milestone: 10.1
Component: BOOK | Version: SVN
Severity: normal | Resolution:
Keywords: |
-------------------------+------------------------
Changes (by renodr):
* priority: normal => high
Comment:
Mozilla marks this update as Critical:
{{{
Security Vulnerabilities fixed in Firefox 84.0.2, Firefox for Android
84.1.3, and Firefox ESR 78.6.1
Announced
January 6, 2021
Impact
critical
Products
Firefox, Firefox ESR, Firefox for Android
Fixed in
Firefox 84.0.2
Firefox ESR 78.6.1
Firefox for Android 84.1.3
#CVE-2020-16044: Use-after-free write when handling a malicious COOKIE-
ECHO SCTP chunk
Reporter
Ned Williamson
Impact
critical
Description
A malicious peer could have modified a COOKIE-ECHO chunk in a SCTP packet
in a way that potentially resulted in a use-after-free. We presume that
with enough effort it could have been exploited to run arbitrary code.
References
Bug 1683964
}}}
The release notes are now available - other than the above security fix,
there is a fix for video playback on Apple Silicon.
--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/14464#comment:2>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
--
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
