#9032 closed defect (fixed)
firefox-52.0.1
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | high | Milestone: | 8.1 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description
From the Arch advisory, found at lwn.net:
Description =========== An integer overflow in createImageBitmap() was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the createImageBitmap API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. Impact ====== A remote attacker might be able to execute arbitrary code on the affected host. References ========== https://www.mozilla.org/en-US/security/advisories/mfsa201... https://bugzilla.mozilla.org/show_bug.cgi?id=1348168 https://security.archlinux.org/CVE-2017-5428
Change History (6)
comment:1 by , 7 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
follow-up: 3 comment:2 by , 7 years ago
I was just starting to look at this, but please go ahead.
One thing I was wondering about is the comment we have:
The tarball firefox-52.0.source.tar.xz will untar to firefox-52.0 directory. However, if you do this in a directory where the sticky bit is set, such as /tmp it will end with error messages:
Just to see what is going on, I did:
tar -tvf firefox-52.0.1.source.tar.xz|head
Right as the first entry I got the curious entry:
drwxr-xr-x 0/0 0 2017-03-17 07:04 ./
So tar is resetting the permissions of the current directory to 0755 if it has permissions to do so. I don't know if I've ever seen that. What they are doing is:
'tar -Jcf xyz.tar.xz .' as the root user.
Seems like bad usage to me. Should this be reported?
comment:3 by , 7 years ago
Replying to bdubbs@…:
I was just starting to look at this, but please go ahead.
One thing I was wondering about is the comment we have:
The tarball firefox-52.0.source.tar.xz will untar to firefox-52.0 directory. However, if you do this in a directory where the sticky bit is set, such as /tmp it will end with error messages:
Just to see what is going on, I did:
tar -tvf firefox-52.0.1.source.tar.xz|head
Right as the first entry I got the curious entry:
drwxr-xr-x 0/0 0 2017-03-17 07:04 ./
So tar is resetting the permissions of the current directory to 0755 if it has permissions to do so. I don't know if I've ever seen that. What they are doing is:
'tar -Jcf xyz.tar.xz .' as the root user.
Seems like bad usage to me. Should this be reported?
Interesting, you are more on top of that than I am. If you think it will do any good, report it. My personal view is that they have their own agenda, and the views of people who build their releases on linux have a very low priority. Jaundiced, moi ? Probably.
comment:4 by , 7 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Fixed at r18519 if I've correctly noted what Bruce wrote above about tar.
Only a couple of changes in the main code, but for the many docker files it looks as if they might have moved them (massive deletes, massive additions). For us, looks good to go.