Opened 19 months ago

Closed 19 months ago

Last modified 18 months ago

#15268 closed enhancement (fixed)

firefox-78.12.0esr and JS78-12.0

Reported by: ken@… Owned by: ken@…
Priority: elevated Milestone: 11.0
Component: BOOK Version: git
Severity: normal Keywords:
Cc:

Description

Released on schedule, waiting for Release Notes.

Change History (6)

comment:1 by ken@…, 19 months ago

Owner: changed from blfs-book to ken@…
Status: newassigned

comment:2 by ken@…, 19 months ago

Various stability, functionality and security fixes:

CVE-2021-29970: Use-after-free in accessibility features of a document

Reporter
    Irvan Kurniawan
Impact
    high

Description

A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash.
This bug only affected Firefox when accessibility was enabled.
CVE-2021-30547: Out of bounds write in ANGLE

Reporter
    (Unknown)
Impact
    high

Description

An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash.
References

    Bug 1715766
CVE-2021-29976: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12

Reporter
    Mozilla developers
Impact
    high

Description

Mozilla developers Valentin Gosu, Randell Jesup, Emil Ghitta, Tyson Smith, and Olli Pettay reported memory safety bugs present in Firefox 89 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

I am unclear what is mean by "This bug only affected Firefox when accessibility was enabled." Looking at about:config there are various accessibility features, most of which default to false. A quick google implies that each option can be turned on by the user, therefore some users might be vulnerable.

For ANGLE, as we've seen from a past report (for 78.7.1, later clarified) that is not used in linux.

But the usual memory safety bugs apply to all.

comment:3 by ken@…, 19 months ago

Priority: normalelevated

comment:4 by Douglas R. Reno, 19 months ago

Thank you for the warning on accessibility bugs, I have a bunch of those turned on at least one of my computers!

comment:5 by ken@…, 19 months ago

Resolution: fixed
Status: assignedclosed

Advisory SA 10.1-075

comment:6 by Bruce Dubbs, 18 months ago

Milestone: 10.211.0

Milestone renamed

Note: See TracTickets for help on using tickets.