Opened 12 months ago
Closed 12 months ago
#19666 closed enhancement (fixed)
Spidermonkey from Firefox-115.10.0
| Reported by: | Xi Ruoyao | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | elevated | Milestone: | 12.2 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: | | | |
Description
There is at least one JS change in this cycle:
https://hg.mozilla.org/releases/mozilla-esr115/rev/05ab058811bf716fb0552469fb806b1206a22542
and the associated bugzilla ticket is still not public. So it might be a security fix or not...
Change History (5)
comment:1 by , 12 months ago
| Priority: | normal → elevated |
|---|---|
comment:2 by , 12 months ago
comment:3 by , 12 months ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:4 by , 12 months ago
CVE-2024-3852: GetBoundName in the JIT returned the wrong object (High)
CVE-2024-3854: Out-of-bounds-read after mis-optimized switch statement (High)
CVE-2024-3857: Incorrect JITting of arguments led to use-after-free during garbage collection (High)
I'm thinking these three vulnerabilities are the ones since they are in the JIT component that mozjs provides.
comment:5 by , 12 months ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Fixed at 55c9a18216c60362e074201cc6414452f4457639
SA-12.1-031 issued
There are three vulnerabilities in Firefox that have to do with the JIT code, which would likely mean that this is the impacted component.