Opened 3 years ago
Closed 3 years ago
#16202 closed enhancement (fixed)
Patch Seamonkey against CVE-2022-26485
| Reported by: | Douglas R. Reno | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | high | Milestone: | 11.2 |
| Component: | BOOK | Version: | git |
| Severity: | critical | Keywords: | |
| Cc: |
Description ¶
After doing a 'diff' between Firefox-91.6.0 and Firefox-91.6.1, I have the changes required to create a patch for Seamonkey.
Seamonkey does not carry WebGPU, so it is immune to CVE-2022-26486. However, it does have the XSLT processor (albeit in a different location), and the code is almost identical to the 'before' section in the diff.
As a result of this, Seamonkey will need to be patched against CVE-2022-26485, which is the Critical severity Use-After-Free (which is actively exploited in the wild).
Change History (3)
comment:1 by , 3 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 3 years ago
comment:3 by , 3 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Note:
See TracTickets
for help on using tickets.
Patch created and works.