Opened 14 months ago

Closed 14 months ago

Last modified 14 months ago

#13855 closed enhancement (fixed)

js-68.11.0

Reported by: Bruce Dubbs Owned by: Pierre Labastie
Priority: high Milestone: 10.0
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

From firefox. New minor version.

Change History (5)

comment:1 by Pierre Labastie, 14 months ago

Owner: changed from blfs-book to Pierre Labastie
Status: newassigned

comment:2 by Pierre Labastie, 14 months ago

security fixes for firefox-68.11.0esr at https://www.mozilla.org/en-US/security/advisories/mfsa2020-31/

Not sure any of those apply to js, though.

comment:3 by Pierre Labastie, 14 months ago

Resolution: fixed
Status: assignedclosed

Fixed at r23430

comment:4 by Douglas R. Reno, 14 months ago

Priority: normalhigh

CVE-2020-15652 seems to be related to JavaScript:

Reporter
    Mikhail Oblozhikhin
Impact
    high

Description

By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script.

"This applied only to content that can be parsed as script." This makes me think that it's JS related.

comment:5 by Pierre Labastie, 14 months ago

I've seen that and I was not sure: I do not know what a "cross-redirect" is, but it looked related to web content. I agree it is better to be conservative and to promote to high, though. Thanks for doing that.

Note: See TracTickets for help on using tickets.