Opened 2 weeks ago
Closed 12 days ago
#19666 closed enhancement (fixed)
Spidermonkey from Firefox-115.10.0
| Reported by: | Xi Ruoyao | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | elevated | Milestone: | 12.2 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
There is at least one JS change in this cycle:
https://hg.mozilla.org/releases/mozilla-esr115/rev/05ab058811bf716fb0552469fb806b1206a22542
and the associated bugzilla ticket is still not public. So it might be a security fix or not...
Change History (5)
comment:1 by , 13 days ago
| Priority: | normal → elevated |
|---|
comment:2 by , 13 days ago
comment:3 by , 12 days ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:4 by , 12 days ago
CVE-2024-3852: GetBoundName in the JIT returned the wrong object (High)
CVE-2024-3854: Out-of-bounds-read after mis-optimized switch statement (High)
CVE-2024-3857: Incorrect JITting of arguments led to use-after-free during garbage collection (High)
I'm thinking these three vulnerabilities are the ones since they are in the JIT component that mozjs provides.
comment:5 by , 12 days ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Fixed at 55c9a18216c60362e074201cc6414452f4457639
SA-12.1-031 issued
Note:
See TracTickets
for help on using tickets.
There are three vulnerabilities in Firefox that have to do with the JIT code which would likely mean that this is the impacted component