#11277: firefox-63.0
-------------------------+-----------------------
 Reporter:  ken@…        |       Owner:  ken@…
     Type:  enhancement  |      Status:  assigned
 Priority:  high         |   Milestone:  8.4
Component:  BOOK         |     Version:  SVN
 Severity:  normal       |  Resolution:
 Keywords:               |
-------------------------+-----------------------
Changes (by ken@…):

 * priority:  normal => high


Comment:

 Release notes now there.  Meanwhile, I had tried to update some 8.2
 (gcc-7.3.0) systems and failed - for those I have installed 60.3.0esr
 successfully. Looking at the release notes, for some reason 63.0 does not
 mention security. But in 60.3.0 there is the following:
 [https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12390] -

 Description

 Mozilla developers and community members Daniel Veditz and Philipp
 reported memory safety bugs present in Firefox ESR 60.2. Some of these
 bugs showed evidence of memory corruption and we presume that with enough
 effort that some of these could be exploited to run arbitrary code.
 References

 #CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR
 60.3

 Mozilla developers and community members Christian Holler, Bob Owen, Boris
 Zbarsky, Calixte Denizet, Jason Kratzer, Jed Davis, Taegeon Lee, Philipp,
 Ronald Crane, Raul Gurzau, Gary Kwong, Tyson Smith, Raymond Forbes, and
 Bogdan Tara reported memory safety bugs present in Firefox 62 and Firefox
 ESR 60.2. Some of these bugs showed evidence of memory corruption and we
 presume that with enough effort that some of these could be exploited to
 run arbitrary code.

--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/11277#comment:2>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
-- 
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
