Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#13855 closed enhancement (fixed)

js-68.11.0

Reported by: Bruce Dubbs Owned by: Pierre Labastie
Priority: high Milestone: 10.0
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

From firefox. New minor version.

Change History (5)

comment:1 by Pierre Labastie, 2 years ago

Owner: changed from blfs-book to Pierre Labastie
Status: newassigned

comment:2 by Pierre Labastie, 2 years ago

security fixes for firefox-68.11.0esr at https://www.mozilla.org/en-US/security/advisories/mfsa2020-31/

Not sure any of those apply to js, though.

comment:3 by Pierre Labastie, 2 years ago

Resolution: fixed
Status: assignedclosed

Fixed at r23430

comment:4 by Douglas R. Reno, 2 years ago

Priority: normalhigh

CVE-2020-15652 seems to be related to JavaScript:

Reporter
    Mikhail Oblozhikhin
Impact
    high

Description

By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script.

"This applied only to content that can be parsed as script." This makes me think that it's JS related.

comment:5 by Pierre Labastie, 2 years ago

I've seen that and I was not sure: I do not know what a "cross-redirect" is, but it looked related to web content. I agree it is better to be conservative and to promote to high, though. Thanks for doing that.

Note: See TracTickets for help on using tickets.