HomeSolus

Update firefox to 74.0

Authored by kyrios123 on Mar 11 2020, 5:41 AM.

Description

Update firefox to 74.0

Summary:
Security:

  • CVE-2020-6805: Use-after-free when removing data about origins
  • CVE-2020-6806: BodyStream::OnInputStreamReady was missing protections against state confusion
  • CVE-2020-6807: Use-after-free in cubeb during stream destruction
  • CVE-2020-6808: URL Spoofing via javascript: URL
  • CVE-2020-6809: Web Extensions with the all-urls permission could access local files
  • CVE-2020-6810: Focusing a popup while in fullscreen could have obscured the fullscreen notification
  • CVE-2020-6811: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection
  • CVE-2019-20503: Out of bounds reads in sctp_load_addresses_from_init
  • CVE-2020-6812: The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission
  • CVE-2020-6813: @import statements in CSS could bypass the Content Security Policy nonce feature
  • CVE-2020-6814: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6
  • CVE-2020-6815: Memory and script safety bugs fixed in Firefox 74

Release notes available here

Signed-off-by: Pierre-Yves <pyu@riseup.net>

Test Plan: Browsed a few websies

Reviewers: Triage Team

Subscribers: JoshStrobl

Differential Revision: https://dev.getsol.us/D8469

Details

Committed
kyrios123Mar 12 2020, 9:36 AM
Pushed
kyrios123Mar 12 2020, 9:38 AM
Differential Revision
D8469: Update firefox to 74.0
Parents
R755:820e35b81950: Update to 73.0.1.
Branches
Unknown
Tags
Unknown
References
tag: firefox-74.0-186