Opened 4 years ago
Closed 4 years ago
#14464 closed enhancement (fixed)
firefox-78.6.1 and js-78.6.1
| Reported by: | Bruce Dubbs | Owned by: | |
|---|---|---|---|
| Priority: | high | Milestone: | 10.1 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description ¶
New point version.
Change History (4)
comment:1 by , 4 years ago
comment:2 by , 4 years ago
| Priority: | normal → high |
|---|
Mozilla marks this update as Critical:
Security Vulnerabilities fixed in Firefox 84.0.2, Firefox for Android 84.1.3, and Firefox ESR 78.6.1
Announced
January 6, 2021
Impact
critical
Products
Firefox, Firefox ESR, Firefox for Android
Fixed in
Firefox 84.0.2
Firefox ESR 78.6.1
Firefox for Android 84.1.3
#CVE-2020-16044: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk
Reporter
Ned Williamson
Impact
critical
Description
A malicious peer could have modified a COOKIE-ECHO chunk in a SCTP packet in a way that potentially resulted in a use-after-free. We presume that with enough effort it could have been exploited to run arbitrary code.
References
Bug 1683964
The release notes are now available - other than the above security fix, there is a fix for video playback on Apple Silicon.
comment:3 by , 4 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
Thanks, I've just got to the notes.
comment:4 by , 4 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
I find it amusing that the source tarball for 78.6.1 is smaller than for 78.6.0 when the short diff between them suggests 51 lines of code were deleted and 103 lines added.
Note:
See TracTickets
for help on using tickets.
Awaiting release notes (84.0.2 also released and awaiting notes).
Looking at a diff, I can see a broken warning being removed on very old clang and the removal of related clang diagnostics in a Codegen.py file,the webgpu fixes re _0 for cbindgen-0.16.0, but also changes to an sctp file.
No changes to the javascript78 part.