#17650 closed enhancement (fixed)

firefox-102.8.0esr, JS-102.8.0.

Reported by: ken@…
Owned by: ken@…
Priority: elevated
Milestone: 11.3
Component: BOOK
Version: git
Severity: normal
Keywords:
Cc:

Description

Source now available, about a day later than expected.

Changes in the only candidate included upping the shipped NSS to 3.79.3 to finally handle Trustcor, and fixes for python-3.11.

The release bumped shipped NSS to 3.79.4 to improve handling of unknown PKCS#12 safe bag types, as well as updates to effective_tld_names.dat and nsSTSPreloadList.inc. I note that the 110.0 release is not yet available, waiting for that to see if newer nss is required for that.

Change History (4)

comment:1 by ken@…, 14 months ago

Priority: normal → elevated

110.0 was released an hour or two ago, again with a change to shipped nss (to 3.87.1) to fix bug 1804640. Fortunately, that was already fixed in nss-3.88.1 and is high severity (which is why the release note for nss-3.88.1 had not appeared when I last looked).

Security Fixes in 102.8.1 (ignoring non-linux)

CVE-2023-0767 (applies to shipped nss) An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled, rated High

CVE-2023-25728 The Content-Security-Policy-Report-Only header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect, rated High

CVE-2023-25729 Permission prompts for opening external schemes were only shown for ContentPrincipals resulting in extensions being able to open them without user interaction via ExpandedPrincipals. This could lead to further malicious actions such as downloading files or interacting with software already installed on the system, rated medium.

CVE-2023-25730 A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks, rated High

CVE-2023-25732 When encoding data from an inputStream in xpcom the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write, rated Medium

CVE-2023-25735 Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy, rated High; also applies to JS102.8.0.

CVE-2023-25737 An invalid downcast from nsTextNode to SVGElement could have led to undefined behavior, rated High

CVE-2023-25739 Module load requests that failed were not being checked as to whether or not they were cancelled, causing a use-after-free in ScriptLoadContext, rated High

CVE-2023-25742 When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash, rated Low

CVE-2023-25744 The usual Memory Safety Bugs, rated High
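The comment above turns on whether the NSS that Firefox and JS102 are built against is at least the version carrying the fix (nss-3.88.1). The following POSIX sh check is an added example, not part of the ticket or of BLFS: it compares the version that pkg-config reports for the system NSS against a minimum you pass in. It assumes pkg-config is installed and that NSS provides an nss.pc file (both assumptions, though that is the usual layout); the threshold 3.88.1 is taken from the comment and should be adjusted for whatever release you are building.

```shell
#!/bin/sh
# Added example, not from the ticket: verify that the system NSS is at least
# the version that carries the fix the ticket mentions (nss-3.88.1), so that
# building Firefox/JS against system NSS rather than the bundled copy does not
# silently reintroduce the bug.

# version_ge A B: exit 0 if dotted version A >= B, comparing each component
# numerically (so 3.88.1 > 3.88 > 3.79.4). Missing components count as 0.
version_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ac="${a%%.*}"; bc="${b%%.*}"
        case "$a" in *.*) a="${a#*.}";; *) a="";; esac
        case "$b" in *.*) b="${b#*.}";; *) b="";; esac
        [ "${ac:-0}" -gt "${bc:-0}" ] && return 0
        [ "${ac:-0}" -lt "${bc:-0}" ] && return 1
    done
    return 0
}

# installed_nss_version: print the version pkg-config knows for NSS, or
# nothing if the nss.pc file is absent (assumes pkg-config and nss.pc exist).
installed_nss_version() {
    pkg-config --modversion nss 2>/dev/null
}

# check_system_nss MIN: exit 0 if the installed NSS is >= MIN, 1 if it is
# older or cannot be found. Prints a one-line verdict either way.
check_system_nss() {
    v="$(installed_nss_version)"
    if [ -z "$v" ]; then
        echo "NSS not found via pkg-config" >&2
        return 1
    fi
    if version_ge "$v" "$1"; then
        echo "system NSS $v satisfies >= $1"
    else
        echo "system NSS $v is older than $1; update NSS before building" >&2
        return 1
    fi
}

# usage: sh nss-check.sh 3.88.1
if [ -n "${1:-}" ]; then
    check_system_nss "$1"
fi
```

The numeric per-component comparison matters here: a plain string comparison would rank 3.9 above 3.87.1, which is exactly the kind of mistake that lets an old NSS slip past a build check.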

comment:2 by Douglas R. Reno, 14 months ago

It looks like at least one of those directly impacts Spidermonkey, so that'll mean an SA for mozjs as well

CVE-2023-25746 also seems to be affected, just more memory safety bugs rated as High (but that specifically impacted the 102.7 ESR release)

comment:3 by ken@…, 14 months ago (in reply to comment:2)

Replying to Douglas R. Reno:

CVE-2023-25746 also seems to be affected, just more memory safety bugs rated as High (but that specifically impacted the 102.7 ESR release)

Thanks, I missed that.

comment:4 by ken@…, 14 months ago

Resolution: fixed
Status: assigned → closed

Advisories SA 11.2-092 for JS102 and SA 11.2-093 for Firefox.
