Opened 9 months ago

Closed 9 months ago

#14227 closed enhancement (fixed)

Patch Seamonkey for CVE-2020-26950

Reported by: Douglas R. Reno Owned by: Douglas R. Reno
Priority: highest Milestone: 10.1
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

Seamonkey is vulnerable to the same 0day that Firefox, JS78, and Thunderbird are affected by because they all use the same JavaScript engine.

In Seamonkey, the patches will have to be applied manually and massaged a bit.

The patches will come from:

https://hg.mozilla.org/releases/mozilla-esr78/rev/22b8bef3c436a4d36b586804f342928e1ab11e51

https://hg.mozilla.org/releases/mozilla-esr78/rev/f8c30263d78e8e81b20e5f59ef0cbfeabe17f6b6

Change History (3)

comment:1 by Douglas R. Reno, 9 months ago

Owner: changed from blfs-book to Douglas R. Reno
Status: newassigned

comment:2 by Douglas R. Reno, 9 months ago

This wasn't as much of a straightforward patch as I thought it would be. Everything goes well until the ionDisable() call comes into place. I did some research throughout the rest of the codebase and I think using 'return Method_Skipped;' will have the same effect. I'm not sure when the ionDisable() call was introduced, but it must have been between ESR 52 and ESR 78

comment:3 by Douglas R. Reno, 9 months ago

Resolution: fixed
Status: assignedclosed

Fixed at r23885

Note: See TracTickets for help on using tickets.