Opened 3 weeks ago

Closed 3 weeks ago

#15098 closed enhancement (fixed)

firefox-78.11.0 and js-78.11.0

Reported by: ken@… Owned by: ken@…
Priority: elevated Milestone: 10.2
Component: BOOK Version: git
Severity: normal Keywords:
Cc:

Description

After a very late 2nd build candidate (which only changed some python2.7 virtualenv files, and pointed a python test script to use their mozilla-esr78 files instead of mozilla-central), this was relased. No Release Notes until some time on Tuesday.

Change History (5)

comment:1 by ken@…, 3 weeks ago

Owner: changed from blfs-book to ken@…
Status: newassigned

comment:2 by Douglas R. Reno, 3 weeks ago

Mozilla Foundation Security Advisory 2021-24
Security Vulnerabilities fixed in Firefox ESR 78.11

Announced
    June 1, 2021
Impact
    moderate
Products
    Firefox ESR
Fixed in

        Firefox ESR 78.11

#CVE-2021-29964: Out of bounds-read when parsing a `WM_COPYDATA` message

Reporter
    Ronald Crane
Impact
    moderate

Description

A locally-installed hostile program could send WM_COPYDATA messages that Firefox would processing incorrectly, leading to an out-of-bounds read.
This bug only affects Firefox on Windows. Other operating systems are unaffected.
References

    Bug 1706501

#CVE-2021-29967: Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11

Reporter
    Mozilla developers and community
Impact
    high

Description

Mozilla developers Gabriele Svelto, Anny Gakhokidze, Alexandru Michis, Christian Holler reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
References

    Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11

comment:3 by ken@…, 3 weeks ago

Priority: normalelevated

comment:5 by ken@…, 3 weeks ago

Resolution: fixed
Status: assignedclosed

Security Advisory SA 10.1-055 created.

Note: See TracTickets for help on using tickets.