Opened 7 months ago

Closed 7 months ago

#20305 closed enhancement (fixed)

firefox-128.2.0

Reported by: Joe Locash
Owned by: Douglas R. Reno
Priority: high
Milestone: 12.3
Component: BOOK
Version: git
Severity: normal
Keywords:
Cc:

Description

New minor version. Release notes not available yet, but probably contains security fixes like most ESR releases.

cbindgen changes not needed. I built with the bundled icu so not sure about that.

Change History (5)

comment:1 by Joe Locash, 7 months ago

Priority: normal → elevated

Release notes:

Various security fixes and other quality improvements.

Security Fixes

  • CVE-2024-8385: WASM type confusion involving ArrayTypes (High)
  • CVE-2024-8381: Type confusion when looking up a property name in a "with" block (High)
  • CVE-2024-8382: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran (Moderate)
  • CVE-2024-8383: Firefox did not ask before opening news: links in an external application (Moderate)
  • CVE-2024-8384: Garbage collection could mis-color cross-compartment objects in OOM conditions (Moderate)
  • CVE-2024-8386: SelectElements could be shown over another site if popups are allowed (Low)
  • CVE-2024-8387: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2 (High)

comment:2 by Douglas R. Reno, 7 months ago

Owner: changed from blfs-book to Douglas R. Reno
Status: new → assigned

comment:3 by Douglas R. Reno, 7 months ago

The change for ICU seems to still be needed

comment:4 by Douglas R. Reno, 7 months ago

Priority: elevated → high

Some of these vulnerabilities have been updated to Critical by NVD

comment:5 by Douglas R. Reno, 7 months ago

Resolution: fixed
Status: assigned → closed

Fixed at 801d1d1d0af79c74687cd8aa07fcd83b98600223

SA-12.2-004 issued
