Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

firefox: security update to 64.0 #1536

Closed
l2dy opened this issue Dec 12, 2018 · 2 comments

Comments

Projects
None yet
2 participants
@l2dy
Copy link
Contributor

commented Dec 12, 2018

CVE IDs: CVE-2018-12405, CVE-2018-12406, CVE-2018-12407, CVE-2018-17466, CVE-2018-18492, CVE-2018-18493, CVE-2018-18494, CVE-2018-18495, CVE-2018-18497, CVE-2018-18498

Other security advisory IDs: USN-3844-1

Descriptions:
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, bypass same-origin
restritions, or execute arbitrary code. (CVE-2018-12405, CVE-2018-12406,
CVE-2018-12407, CVE-2018-17466, CVE-2018-18492, CVE-2018-18493,
CVE-2018-18494, CVE-2018-18498)

Multiple security issues were discovered in WebExtensions. If a user were
tricked in to installing a specially crafted extension, an attacker could
potentially exploit these to open privileged pages, or bypass other
security restrictions. (CVE-2018-18495, CVE-2018-18497)

https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/

Architectural progress:

  • AMD64 amd64

MingcongBai added a commit that referenced this issue Jan 14, 2019

firefox: update to 64.0.2; #1536
- Enable PGO on AMD64, patches from Fedora and upstream.
- Clean up defines.
- Remove deprecated --enable-pie option.
- More vendor-specific preferences to further limit Pocket integration and telemetry.
@MingcongBai

This comment has been minimized.

Copy link
Member

commented Jan 25, 2019

Fixed with 19c2601. Closing.

@l2dy

This comment has been minimized.

Copy link
Contributor Author

commented Jan 25, 2019

Use AOSA-2019-0006.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.