Opened 4 years ago
Closed 4 years ago
#14609 closed enhancement (fixed)
firefox-78.7.1 and mozjs
| Reported by: | Douglas R. Reno | Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | 10.1 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description ¶
New point versions
Change History (3)
comment:1 by , 4 years ago
comment:2 by , 4 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
The link to the security advisory works for me,
Firefox 85.0.1 Firefox ESR 78.7.1
#MOZ-2021-0001: Buffer overflow in depth pitch calculations for compressed textures
Reporter
Abraruddin Khan and Omair working with Trend Micro Zero Day Initiative
Impact
critical
Description
In the Angle graphics library, depth pitch computations did not take into account the block size and simply multiplied the row pitch with the pixel height. This caused the load functions to use a very high depth pitch, reading past the end of the user-supplied buffer. This issue has been assigned a temporary identifier, pending assignment of a CVE. References
Bug 1676636
comment:3 by , 4 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Forgot to add: no changes in js/src, only firefox needs to be upgraded to fix this.
Release notes at https://www.mozilla.org/en-US/firefox/78.7.1/releasenotes/
Firefox ESR Version 78.7.1, first offered to ESR channel users on February 5, 2021 Fixed Security fix Prevent access to NTFS special paths that could lead to filesystem corruption.The link to the security fix page (https://www.mozilla.org/fr/security/advisories/mfsa2021-06/) is broken