Change History (7)
comment:1 by , 2 years ago
comment:2 by , 2 years ago
Yes, Joe Locash posted a patch for firefox. I'm being pedantic about whether it is all needed (looks as if it is, third attempt just started).
comment:4 by , 2 years ago
Security fixes (see https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32211)
CVE-2023-32205: Browser prompts could have been obscured by popups: rated High
CVE-2023-32206: Crash in RLBox Expat driver from o-o-b read: rated High
CVE-2023-32207: Potential permissions request bypass via clickjacking: rated High
CVE-2023-32211: Content process crash due to invalid wasm code: rated Medium
A type checking bug would have led to invalid code being compiled. (note from Ken: there are various changes in js/src, I think this is one of them)
CVE-2023-32212: Potential spoof due to obscured address bar: rated Medium
CVE-2023-32213: Potential memory corruption in FileReader::DoReadData()
Note CVE-2023-32214: Potential DoS via exposed protocol handlers only affects MS-Windows
CVE-2023-32215: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11: rated High
comment:5 by , 2 years ago
Committed in 5a39c5a056f3fe4cdfaeeae8ededaa04a35273f4 11.3-475
Keeping open until I've done the security advisories.
comment:6 by , 2 years ago
Resolution: → fixed
Status: assigned → closed
Advisories SA 11.3-025 (JS102) and SA 11.3-026 (Firefox) created.
You'll probably need a GCC 13 patch for both, I think it was brought up on the lists.