Opened 2 years ago

Closed 2 years ago

#14227 closed enhancement (fixed)

Patch Seamonkey for CVE-2020-26950

Reported by: Douglas R. Reno Owned by: Douglas R. Reno
Priority: highest Milestone: 10.1
Component: BOOK Version: SVN
Severity: normal Keywords:


Seamonkey is vulnerable to the same 0day that Firefox, JS78, and Thunderbird are affected by because they all use the same JavaScript engine.

In Seamonkey, the patches will have to be applied manually and massaged a bit.

The patches will come from:

Change History (3)

comment:1 by Douglas R. Reno, 2 years ago

Owner: changed from blfs-book to Douglas R. Reno
Status: newassigned

comment:2 by Douglas R. Reno, 2 years ago

This wasn't as much of a straightforward patch as I thought it would be. Everything goes well until the ionDisable() call comes into place. I did some research throughout the rest of the codebase and I think using 'return Method_Skipped;' will have the same effect. I'm not sure when the ionDisable() call was introduced, but it must have been between ESR 52 and ESR 78

comment:3 by Douglas R. Reno, 2 years ago

Resolution: fixed
Status: assignedclosed

Fixed at r23885

Note: See TracTickets for help on using tickets.