Change History (13)
comment:1 by , 21 months ago
comment:3 by , 21 months ago
+1, I'm quite sure there are not all that many Kingsoft Antivirus fans amongst us. I will stay on 115.0.
comment:4 by , 21 months ago
| Resolution: | → wontfix |
|---|---|
| Status: | new → closed |
comment:5 by , 21 months ago
| Milestone: | 11.4 → 99-Waiting |
|---|---|
| Priority: | normal → low |
| Resolution: | wontfix |
| Status: | closed → reopened |
| Summary: | firefox-115.0.1 → firefox-115.0.1 (wait for the next release) |
Keep it opened so we won't create a new ticket when we run the currency script.
comment:6 by , 21 months ago
| Milestone: | 99-Waiting → 11.4 |
|---|---|
| Priority: | low → elevated |
| Summary: | firefox-115.0.1 (wait for the next release) → firefox-115.0.2 |
Now 115.0.2 with a security fix and some other changes
comment:7 by , 21 months ago
| Owner: | changed from to |
|---|---|
| Status: | reopened → new |
comment:8 by , 21 months ago
My measurements for timing (33 SBU) are unreliable, system was in swap. Redoing.
comment:9 by , 21 months ago
Fixed bugs include broken audio rendering for icecast mp3 streamers.
Security fix https://www.mozilla.org/en-US/security/advisories/mfsa2023-26/ is ambiguous: Impact is labelled as High, but the only item, 'CVE-2023-3600 - During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash.' is labelled as Moderate impact.
According to https://www.cybersecurity-help.cz/vdb/SB2023071154 "A remote attacker can trick the victim to visit a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system." which is definitely High Impact.
comment:10 by , 21 months ago
| Status: | new → assigned |
|---|
Book updated in b6cb36ffa1 11.3-938
Security Advisory will be done eventually.
comment:11 by , 21 months ago
I reported this to bmo, it is indeed High and was a copy-and-paste error for an urgent update, now fixed.
comment:12 by , 21 months ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Security Advisory SA-11.3-056 created.
Also new version of 115.0.1 non-esr.
Release note (for both) at https://www.mozilla.org/en-US/firefox/115.0.1/releasenotes/
Fixed a startup crash for Windows users with Kingsoft Antivirus software installed (bug 1837242)
Tarball sizes quite different - some of that is the vagaries of xz compression, but non-esr also includes changes to non-esr also has changes in startupcache/StartupCache.{cpp,h} which appear to be related to comments later in the bug.