Opened 13 months ago

Closed 13 months ago

Last modified 9 months ago

#17913 closed enhancement (fixed)

firefox-102.10.0 and JS-102.10.0.

Reported by: ken@… Owned by: ken@…
Priority: high Milestone: 12.0
Component: BOOK Version: git
Severity: normal Keywords:
Cc:

Description

Now available, waiting for release notes tomorrow.

NB I'm copying the ffmpeg patch from 102.9.0-ffmpeg-2 to 102.9.0-ffmpeg-1 because it is the first version for 102.10.

Change History (7)

comment:1 by Xi Ruoyao, 13 months ago

Just ln -sv firefox-102.9.0-ffmpeg_6-2.patch firefox-102.10.0-ffmpeg_6-1.patch.

Do not touch firefox-102.9.0-ffmpeg_6-1.patch: though it's buggy, it has once appeared in the book and a stealth update is not a good idea.

And use symlink to save some server space.

comment:2 by ken@…, 13 months ago (in reply to: comment:1)

Replying to Xi Ruoyao:

> Just ln -sv firefox-102.9.0-ffmpeg_6-2.patch firefox-102.10.0-ffmpeg_6-1.patch.
>
> Do not touch firefox-102.9.0-ffmpeg_6-1.patch: though it's buggy, it has once appeared in the book and a stealth update is not a good idea.
>
> And use symlink to save some server space.

Normally, I remember to symlink. Today I forgot. AFAICS I did not 'git rm' the 102.9.0-ffmpeg_1 patch, but git status said it was deleted. Looking at the commit, I'm very confused so I reverted the commit and this time used symlinks.

comment:3 by Douglas R. Reno, 13 months ago

Priority: normal → high

comment:4 by ken@…, 13 months ago

https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/

The following apply to Linux systems:

CVE-2023-29533 Fullscreen notification obscured, rated High

(MFSA-TMP-2023-0001 double-free in libwebp, rated High) For BLFS, system libwebp needs to be updated

CVE-2023-29535 potential memory corruption following garbage collector compaction, rated High

CVE-2023-29536 invalid free from JavaScript code, rated High. Potentially exploitable, this also applies to mozjs (spidermonkey) JS-102.

CVE-2023-29539 Content-Disposition filename truncation leads to Reflected File Download, rated moderate

CVE-2023-29541 Files with malicious extensions could have been downloaded unsafely on Linux, rated moderate: Firefox did not properly handle downloads of files ending in .desktop, which can be interpreted to run attacker-controlled commands. This bug only affects Firefox for Linux on certain Distributions. Other operating systems are unaffected, and Mozilla is unable to enumerate all affected Linux Distributions.

CVE-2023-1945 Memory Corruption in Safe Browsing Code, rated moderate

CVE-2023-29550 Memory Safety Bugs fixed in Firefox 112 and Firefox 102.10, rated High

comment:6 by ken@…, 13 months ago

Resolution: fixed
Status: assigned → closed

Security Advisories SA 11.3-016 (JS) and SA 11.3-017 (Firefox)

comment:7 by Bruce Dubbs, 9 months ago

Milestone: 11.4 → 12.0

Milestone renamed
