Opened 16 months ago
Closed 16 months ago
#18766 closed enhancement (fixed)
firefox-115.4.0esr
Reported by: | Owned by: | ||
---|---|---|---|
Priority: | elevated | Milestone: | 12.1 |
Component: | BOOK | Version: | git |
Severity: | normal | Keywords: | |
Cc: |
Description
Now available. The diff from 115.3.1 is large:
- various changes in media, gfx: gfx seems to be backports from 119.0
- scaled font changes for macOS, as developed in 119.0
- changes in js/src
- the usual changes in security/manager/ssl/nsSTSPreloadList.inc (those are 61% of the lines in the diff)
- changes in security/sandbox/linux/broker/SandboxBroker.cpp, again backports from 119.0
- amusing comments about Windows events in widget/windows/nsWindow.cpp with nice use of alpha, beta and gamma glyphs ;-)
Change History (4)
comment:1 by , 16 months ago
Priority: | normal → elevated |
---|
comment:2 by , 16 months ago
On reflection, the vulnerabilities which could cause a crash should be rated as High by our standards.
Release notes are at https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/
CVE-2023-5721: Queued up rendering could have allowed websites to clickjack, rated High
CVE-2023-5732: Address bar spoofing via bidirectional characters, rated medium
CVE-2023-5724: Large WebGL draw could have led to a crash, rated medium
CVE-2023-5725: WebExtensions could open arbitrary URLs, rated medium
CVE-2023-5728: Improper object tracking during GC in the JavaScript engine could have led to a crash, rated medium - also applies to SpiderMonkey
CVE-2023-5730: Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4, rated High
Other CVEs for macOS and Windows