Opened 6 months ago

Closed 6 months ago

#14609 closed enhancement (fixed)

firefox-78.7.1 and mozjs

Reported by: Douglas R. Reno Owned by: ken@…
Priority: normal Milestone: 10.1
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

New point versions

Change History (3)

comment:1 by Pierre Labastie, 6 months ago

Release notes at https://www.mozilla.org/en-US/firefox/78.7.1/releasenotes/

Firefox ESR

Version 78.7.1, first offered to ESR channel users on February 5, 2021

Fixed

    Security fix

    Prevent access to NTFS special paths that could lead to filesystem corruption.

The link to the security fix page (https://www.mozilla.org/fr/security/advisories/mfsa2021-06/) is broken

comment:2 by ken@…, 6 months ago

Owner: changed from blfs-book to ken@…
Status: newassigned

The link to the security advisory works for me,

Firefox 85.0.1 Firefox ESR 78.7.1

#MOZ-2021-0001: Buffer overflow in depth pitch calculations for compressed textures

Reporter

Abraruddin Khan and Omair working with Trend Micro Zero Day Initiative

Impact

critical

Description

In the Angle graphics library, depth pitch computations did not take into account the block size and simply multiplied the row pitch with the pixel height. This caused the load functions to use a very high depth pitch, reading past the end of the user-supplied buffer. This issue has been assigned a temporary identifier, pending assignment of a CVE. References

Bug 1676636

comment:3 by ken@…, 6 months ago

Resolution: fixed
Status: assignedclosed

Forgot to add: no changes in js/src, only firefox needs to be upgraded to fix this.

r24178

Note: See TracTickets for help on using tickets.