Opened 2 years ago
Closed 2 years ago
#16567 closed enhancement (fixed)
Patch Seamonkey against CVE-2022-1802 and CVE-2022-1529
| Reported by: | Douglas R. Reno | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | high | Milestone: | 11.2 |
| Component: | BOOK | Version: | git |
| Severity: | critical | Keywords: | |
| Cc: |
Description
Because Seamonkey uses the same rendering and JavaScript engine as Firefox and Thunderbird, it will also need to be patched against these two critical security vulnerabilities.
From what I gather, the exploits for these vulnerabilities were demonstrated on-stage at the Pwn2Own conference.
I'll also test this with GCC-12.
The patches in question are:
https://hg.mozilla.org/releases/mozilla-esr91/rev/262b3b86a564b17e3397b519488698bc530f0858 https://hg.mozilla.org/releases/mozilla-esr91/rev/f267409967467cd539e8b63aec4d034ca8451bfb https://hg.mozilla.org/releases/mozilla-esr91/rev/757b55aab315b014546ac7f0bbf81a5c097c67f4
Change History (5)
comment:1 by , 2 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 2 years ago
| Priority: | normal → high |
|---|---|
| Severity: | normal → critical |
comment:5 by , 2 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Note:
See TracTickets
for help on using tickets.
Due to the security-related nature of both of these updates, promoting to High. See Firefox ticket for more details.
These vulnerabilities were both demonstrated at the Pwn2Own conference on Wednesday. https://www.zerodayinitiative.com/blog/2022/5/18/pwn2own-vancouver-2022-the-results