Permalink
Comparing changes
Choose two branches to see what’s changed or to start a new pull request.
If you need to, you can also or
learn more about diff comparisons.
Open a pull request
Create a new pull request by comparing changes across two branches. If you need to, you can also .
Learn more about diff comparisons here.
...
- 4 commits
- 2 files changed
- 1 contributor
Commits on Oct 3, 2018
-
firefox-bin: 62.0.2 -> 62.0.3 [critical security fixes]
This update bumps the package to the latest stable version containing a few security fixes: - CVE-2018-12386: Type confusion in JavaScript A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. - CVE-2018-12387 A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. Source: https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/
-
firefox: 62.0.2 -> 62.0.3 [critical security fixes]
This update bumps the package to the latest stable version containing a few security fixes: - CVE-2018-12386: Type confusion in JavaScript A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. - CVE-2018-12387 A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. Source: https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/
-
firefox-esr-60: 60.2.1 -> 60.2.2 [critical security fixes]
This update bumps the package to the latest stable version containing a few security fixes: - CVE-2018-12386: Type confusion in JavaScript A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. - CVE-2018-12387 A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. Source: https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/
-
Merge pull request #47712 from andir/firefox
firefox{-bin,}: 62.0.2 -> 62.0.3, firefox-esr-60: 60.2.1 -> 60.2.2
This comparison is taking too long to generate.
Unfortunately it looks like we can’t render this comparison for you right now. It might be too big, or there might be something weird with your repository.
You can try running this command locally to see the comparison on your machine:
git diff 2dd69e8d8ecf...1200117b5c3d