This repository was archived by the owner on Apr 12, 2021. It is now read-only.
Permalink
Comparing changes
Choose two branches to see what’s changed or to start a new pull request.
If you need to, you can also or
learn more about diff comparisons.
Open a pull request
Create a new pull request by comparing changes across two branches. If you need to, you can also .
Learn more about diff comparisons here.
...
- 4 commits
- 2 files changed
- 1 contributor
Commits on Oct 3, 2018
-
firefox-bin: 62.0.2 -> 62.0.3 [critical security fixes]
This update bumps the package to the latest stable version containing a few security fixes: - CVE-2018-12386: Type confusion in JavaScript A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. - CVE-2018-12387 A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. Source: https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/ (cherry picked from commit 64d0266)
-
firefox: 62.0.2 -> 62.0.3 [critical security fixes]
This update bumps the package to the latest stable version containing a few security fixes: - CVE-2018-12386: Type confusion in JavaScript A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. - CVE-2018-12387 A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. Source: https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/ (cherry picked from commit e7785f1)
-
firefox-esr-60: 60.2.1 -> 60.2.2 [critical security fixes]
This update bumps the package to the latest stable version containing a few security fixes: - CVE-2018-12386: Type confusion in JavaScript A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. - CVE-2018-12387 A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. Source: https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/ (cherry picked from commit 246d284)
-
Merge pull request #47714 from andir/18.09/firefox
[18.09] firefox{-bin,}: 62.0.2 -> 62.0.3, firefox-esr-60: 60.2.1 -> 60.2.2
There are no files selected for viewing