#13855 closed enhancement (fixed)
js-68.11.0
| Reported by: | Bruce Dubbs | Owned by: | Pierre Labastie |
|---|---|---|---|
| Priority: | high | Milestone: | 10.0 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description
From firefox. New minor version.
Change History (5)
comment:1 by , 4 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 4 years ago
comment:4 by , 4 years ago
| Priority: | normal → high |
|---|
CVE-2020-15652 seems to be related to JavaScript:
Reporter
Mikhail Oblozhikhin
Impact
high
Description
By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script.
"This applied only to content that can be parsed as script." This makes me think that it's JS related.
comment:5 by , 4 years ago
I've seen that and I was not sure: I do not know what a "cross-redirect" is, but it looked related to web content. I agree it is better to be conservative and to promote to high, though. Thanks for doing that.
Note:
See TracTickets
for help on using tickets.
security fixes for firefox-68.11.0esr at https://www.mozilla.org/en-US/security/advisories/mfsa2020-31/
Not sure any of those apply to js, though.