Firefox

  • Updated Mozilla Firefox to 68.12.0esr:
    • Fixes for mfsa2020-11, also known as CVE-2020-6819, CVE-2020-6820.
    • Fixes for mfsa2020-13, also known as 

      CVE-2020-6828, CVE-2020-6827, CVE-2020-6821,
      CVE-2020-6822, and CVE-2020-6825

    • Fixes for mfsa2020-17 also known as:

      CVE-2020-12387, CVE-2020-12388, CVE-2020-12389,
      CVE-2020-6831, CVE-2020-12392, CVE-2020-12393, 
      and CVE-2020-1239

    • Fixes for mfsa2020-21 also known as:

      CVE-2020-12399, CVE-2020-12405,
      CVE-2020-12406, CVE-2020-12410

    • Fixes for mfsa2020-25 also known as:

      CVE-2020-12417, CVE-2020-12418, CVE-2020-12419,
      CVE-2020-12420, CVE-2020-12421

    • Fixes for mfsa2020-31 also known as:

      CVE-2020-15652, CVE-2020-6514, CVE-2020-6463,
      CVE-2020-15650, CVE-2020-15649, and CVE-2020-15659

    • Fixes for mfsa2020-37 also known as: CVE-2020-15663, CVE-2020-15664, and CVE-2020-15669

Base system

  • Fixed privilege escalation via environment variables in the /bin/update binary.
  • Fixed privilege escalation via environment variable PATH in /bin/usershell binary.
  • Fixed privilege escalation via PATH environment variable in the /bin/update binary.