---
- branch: MAIN
  date: Wed Nov 18 12:33:45 UTC 2020
  files:
  - new: '1.13'
    old: '1.12'
    path: pkgsrc/www/firefox78/Makefile
    pathrev: pkgsrc/www/firefox78/Makefile@1.13
    type: modified
  - new: '1.6'
    old: '1.5'
    path: pkgsrc/www/firefox78/distinfo
    pathrev: pkgsrc/www/firefox78/distinfo@1.6
    type: modified
  id: 20201118T123345Z.af894eac519921e3d9a427eaf94499f44d268e1b
  log: |
    firefox78: Update to 78.5.0

    Security Vulnerabilities fixed in Firefox ESR 78.5

        #CVE-2020-26951: Parsing mismatches could confuse and bypass security
        sanitizer for chrome privileged code

        #CVE-2020-16012: Variable time processing of cross-origin images during
        drawImage calls

        #CVE-2020-26953: Fullscreen could be enabled without displaying the security
        UI

        #CVE-2020-26956: XSS through paste (manual and clipboard API)

        #CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME
        type restrictions

        #CVE-2020-26959: Use-after-free in WebRequestService

        #CVE-2020-26960: Potential use-after-free in uses of nsTArray

        #CVE-2020-15999: Heap buffer overflow in freetype

        #CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses

        #CVE-2020-26965: Software keyboards may have remembered typed passwords

        #CVE-2020-26966: Single-word search queries were also broadcast to local
        network

        #CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/www/firefox78'
  unixtime: '1605702825'
  user: nia