Opened 3 years ago

Closed 3 years ago

#14464 closed enhancement (fixed)

firefox-78.6.1 and js-78.6.1

Reported by: Bruce Dubbs
Owned by: ken@…
Priority: high
Milestone: 10.1
Component: BOOK
Version: SVN
Severity: normal
Keywords:
Cc:

Description

New point version.

Change History (4)

comment:1 by ken@…, 3 years ago

Awaiting release notes (84.0.2 also released and awaiting notes).

Looking at a diff, I can see a broken warning being removed on very old clang and the removal of related clang diagnostics in a Codegen.py file, the webgpu fixes re _0 for cbindgen-0.16.0, but also changes to an sctp file.

No changes to the javascript78 part.

comment:2 by Douglas R. Reno, 3 years ago

Priority: normal → high

Mozilla marks this update as Critical:

Security Vulnerabilities fixed in Firefox 84.0.2, Firefox for Android 84.1.3, and Firefox ESR 78.6.1

Announced
    January 6, 2021
Impact
    critical
Products
    Firefox, Firefox ESR, Firefox for Android
Fixed in

        Firefox 84.0.2
        Firefox ESR 78.6.1
        Firefox for Android 84.1.3

CVE-2020-16044: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk

Reporter
    Ned Williamson
Impact
    critical

Description

A malicious peer could have modified a COOKIE-ECHO chunk in a SCTP packet in a way that potentially resulted in a use-after-free. We presume that with enough effort it could have been exploited to run arbitrary code.
References

    Bug 1683964

The release notes are now available - other than the above security fix, there is a fix for video playback on Apple Silicon.

comment:3 by ken@…, 3 years ago

Owner: changed from blfs-book to ken@…
Status: new → assigned

Thanks, I've just got to the notes.

comment:4 by ken@…, 3 years ago

Resolution: fixed
Status: assigned → closed

I find it amusing that the source tarball for 78.6.1 is smaller than for 78.6.0 when the short diff between them suggests 51 lines of code were deleted and 103 lines added.

r24080.
