Opened 3 years ago
Closed 3 years ago
#14227 closed enhancement (fixed)
Patch Seamonkey for CVE-2020-26950
| Reported by: | Douglas R. Reno | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | highest | Milestone: | 10.1 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description
Seamonkey is vulnerable to the same 0day that Firefox, JS78, and Thunderbird are affected by because they all use the same JavaScript engine.
In Seamonkey, the patches will have to be applied manually and massaged a bit.
The patches will come from:
https://hg.mozilla.org/releases/mozilla-esr78/rev/22b8bef3c436a4d36b586804f342928e1ab11e51
https://hg.mozilla.org/releases/mozilla-esr78/rev/f8c30263d78e8e81b20e5f59ef0cbfeabe17f6b6
Change History (3)
comment:1 by , 3 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 3 years ago
Note:
See TracTickets
for help on using tickets.
This wasn't as much of a straightforward patch as I thought it would be. Everything goes well until the ionDisable() call comes into place. I did some research throughout the rest of the codebase and I think using 'return Method_Skipped;' will have the same effect. I'm not sure when the ionDisable() call was introduced, but it must have been between ESR 52 and ESR 78