Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[18.03] firefox{-bin,}: 62.0.2 -> 62.0.3, firefox-esr-60: 60.2.1 -> 60.2.2 #47713

Merged
merged 3 commits into from Oct 3, 2018
Merged

[18.03] firefox{-bin,}: 62.0.2 -> 62.0.3, firefox-esr-60: 60.2.1 -> 60.2.2 #47713

merged 3 commits into from Oct 3, 2018

Conversation

andir
Copy link
Member

@andir andir commented Oct 3, 2018
edited

Motivation for this change

This update bumps the package to the latest stable version containing a
few security fixes:

  • CVE-2018-12386: Type confusion in JavaScript
    A vulnerability in register allocation in JavaScript can lead to type
    confusion, allowing for an arbitrary read and write. This leads to
    remote code execution inside the sandboxed content process when
    triggered.

  • CVE-2018-12387
    A vulnerability where the JavaScript JIT compiler inlines
    Array.prototype.push with multiple arguments that results in the stack
    pointer being off by 8 bytes after a bailout. This leaks a memory
    address to the calling function which can be used as part of an
    exploit inside the sandboxed content process.

Source: mozilla.org/en-US/security/advisories/mfsa2018-24

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Fits CONTRIBUTING.md.

@andir
firefox-bin: 62.0.2 -> 62.0.3 [critical security fixes]
77188fd 
This update bumps the package to the latest stable version containing a
few security fixes:

- CVE-2018-12386: Type confusion in JavaScript
  A vulnerability in register allocation in JavaScript can lead to type
  confusion, allowing for an arbitrary read and write. This leads to
  remote code execution inside the sandboxed content process when
  triggered.

- CVE-2018-12387
  A vulnerability where the JavaScript JIT compiler inlines
  Array.prototype.push with multiple arguments that results in the stack
  pointer being off by 8 bytes after a bailout. This leaks a memory
  address to the calling function which can be used as part of an
  exploit inside the sandboxed content process.

Source: https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/
(cherry picked from commit 64d0266)
@andir
firefox: 62.0.2 -> 62.0.3 [critical security fixes]
a812396 
This update bumps the package to the latest stable version containing a
few security fixes:

- CVE-2018-12386: Type confusion in JavaScript
  A vulnerability in register allocation in JavaScript can lead to type
  confusion, allowing for an arbitrary read and write. This leads to
  remote code execution inside the sandboxed content process when
  triggered.

- CVE-2018-12387
  A vulnerability where the JavaScript JIT compiler inlines
  Array.prototype.push with multiple arguments that results in the stack
  pointer being off by 8 bytes after a bailout. This leaks a memory
  address to the calling function which can be used as part of an
  exploit inside the sandboxed content process.

Source: https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/
(cherry picked from commit e7785f1)
@andir
firefox-esr-60: 60.2.1 -> 60.2.2 [critical security fixes]
e974c91 
This update bumps the package to the latest stable version containing a
few security fixes:

- CVE-2018-12386: Type confusion in JavaScript
  A vulnerability in register allocation in JavaScript can lead to type
  confusion, allowing for an arbitrary read and write. This leads to
  remote code execution inside the sandboxed content process when
  triggered.

- CVE-2018-12387
  A vulnerability where the JavaScript JIT compiler inlines
  Array.prototype.push with multiple arguments that results in the stack
  pointer being off by 8 bytes after a bailout. This leaks a memory
  address to the calling function which can be used as part of an
  exploit inside the sandboxed content process.

Source: https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/
(cherry picked from commit 246d284)
@andir andir merged commit 1d434c5 into NixOS:release-18.03 Oct 3, 2018
@andir andir deleted the 18.03/firefox branch October 3, 2018 09:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
1.severity: security 10.rebuild-darwin: 0 10.rebuild-linux: 11-100
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@andir @GrahamcOfBorg