#17781 closed enhancement (fixed)
firefox-102.9.0esr and JS-102.9.0
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | elevated | Milestone: | 12.0 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
Now available.
Reminder to self, the 'grep | sed' to remove 'rU' should have been dropped for JS-102.8.0, but I forgot to do that after all the kerfuffle with (late arrival of source, changes from the candidate).
Change History (4)
comment:1 by , 3 years ago
| Priority: | normal → elevated |
|---|
comment:3 by , 3 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Security Advisories SA 11.3-004 for JS-102 and 11.3-005 for firefox.
Note:
See TracTickets
for help on using tickets.
Mozilla Security details for firefox-102.9.0 at [https://www.mozilla.org/en-US/security/advisories/mfsa2023-10/
CVE-2023-25751: Incorrect code generation during JIT compilation, rated as High
I guess this might also apply to JS102, will flag that too as a security update.
CVE-2023-28176: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9, rated as High
CVE-2023-28164: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation, rated as medium
CVE-2023-28162: Invalid downcast in Worklets, rated as medium
CVE-2023-25752: Potential out-of-bounds when accessing throttled streams, rated as medium