Opened 3 years ago

Closed 3 years ago

#14609 closed enhancement (fixed)

firefox-78.7.1 and mozjs

Reported by: Douglas R. Reno Owned by: ken@…
Priority: normal Milestone: 10.1
Component: BOOK Version: SVN
Severity: normal Keywords:


New point versions

Change History (3)

comment:1 by Pierre Labastie, 3 years ago

Release notes at

Firefox ESR

Version 78.7.1, first offered to ESR channel users on February 5, 2021


    Security fix

    Prevent access to NTFS special paths that could lead to filesystem corruption.

The link to the security fix page ( is broken

comment:2 by ken@…, 3 years ago

Owner: changed from blfs-book to ken@…
Status: newassigned

The link to the security advisory works for me,

Firefox 85.0.1 Firefox ESR 78.7.1

#MOZ-2021-0001: Buffer overflow in depth pitch calculations for compressed textures


Abraruddin Khan and Omair working with Trend Micro Zero Day Initiative




In the Angle graphics library, depth pitch computations did not take into account the block size and simply multiplied the row pitch with the pixel height. This caused the load functions to use a very high depth pitch, reading past the end of the user-supplied buffer. This issue has been assigned a temporary identifier, pending assignment of a CVE. References

Bug 1676636

comment:3 by ken@…, 3 years ago

Resolution: fixed
Status: assignedclosed

Forgot to add: no changes in js/src, only firefox needs to be upgraded to fix this.


Note: See TracTickets for help on using tickets.