#14995 closed enhancement (fixed)
firefox-78.10.1esr mozjs-78.10.1
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | low | Milestone: | 11.0 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
Release Notes: {{ Fixed Resolved an issue caused by a recent Widevine plugin update which prevented some purchased video content from playing correctly (bug 1705138) }
Looking at https://bugzilla.mozilla.org/show_bug.cgi?id=1705138 it seems to be windows 10 (macOS issue is apparently different), not sure if widevine content works on linux nowadays.
Security fix https://www.mozilla.org/en-US/security/advisories/mfsa2021-18/
CVE-2021-29951 The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service. This could be used to prevent the browser update service from operating (if an attacker spammed the 'Stop' command); but also exposed attack surface in the maintenance service. ''Note: This issue only affected Windows operating systems older than Win 10 build 1709. Other operating systems are unaffected''
Change History (9)
comment:1 by , 3 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
follow-up: 3 comment:2 by , 3 years ago
comment:3 by , 3 years ago
Replying to Tim Tassonis:
Just watched a couple of hours of Arrested Development on Netflix (Firefox 78.10.0esr), no issues. Netflix uses widevine.
From the bug, Amazon Prime is not affected, so I guess not everything using widevine uses the same content protection or License Enforcement.
Anyway, glad it works for you. I'm expecting to do this in 2 or 3 days after the next rust release.
comment:4 by , 3 years ago
| Summary: | firefox-78.10.1esr → firefox-78.10.1esr mozjs-78.10.1 |
|---|
follow-up: 6 comment:5 by , 3 years ago
Ok, I did the thunderbird release now. Do you think it would be a good idea to then also re-do the thunderbird release? I could do that, to make sure it also builds fine with new rust.
follow-up: 7 comment:6 by , 3 years ago
Replying to Tim Tassonis:
Ok, I did the thunderbird release now. Do you think it would be a good idea to then also re-do the thunderbird release? I could do that, to make sure it also builds fine with new rust.
No sign of rust-1.52.0 yet, I think it is due tomorrow. When I can get hold of it (my broadband may be down for a while tomorrow) I'll be rebuilding *everything* which uses rust to check.
At the moment I've built them all with patched 1.51.0 (and gcc-11.1.0).
comment:7 by , 3 years ago
Replying to ken@…:
Replying to Tim Tassonis:
Ok, I did the thunderbird release now. Do you think it would be a good idea to then also re-do the thunderbird release? I could do that, to make sure it also builds fine with new rust.
No sign of rust-1.52.0 yet, I think it is due tomorrow. When I can get hold of it (my broadband may be down for a while tomorrow) I'll be rebuilding *everything* which uses rust to check.
At the moment I've built them all with patched 1.51.0 (and gcc-11.1.0).
Didn't mean to say "it's mine, all mine", only "I'm already intending to do this". If you have the time, and interest, feel free to build 1.52.0 (using sysllvm, so same instructions as for now) and try thunderbird, then report back. If thunderbird has problems, I suspect firefox will have similar problems.
comment:8 by , 3 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Fixed in 10.1-314, @ca73053acd6076f5e150cb466eea7d0983673d3e
Just watched a couple of hours of Arrested Development on Netflix (Firefox 78.10.0esr), no issues. Netflix uses widevine.