
Update firefox to 59.0
Closed, Public

Authored by kyrios123 on Mar 14 2018, 9:59 PM.
Tags
  • Restricted Project

Details

Summary

Release notes available here

Security

  • CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList
  • CVE-2018-5128: Use-after-free manipulating editor selection ranges
  • CVE-2018-5129: Out-of-bounds write with malformed IPC messages
  • CVE-2018-5130: Mismatched RTP payload type can trigger memory corruption
  • CVE-2018-5131: Fetch API improperly returns cached copies of no-store/no-cache resources
  • CVE-2018-5132: WebExtension Find API can search privileged pages
  • CVE-2018-5133: Value of the app.support.baseURL preference is not properly sanitized
  • CVE-2018-5134: WebExtensions may use view-source: URLs to bypass content restrictions
  • CVE-2018-5135: WebExtension browserAction can inject scripts into unintended contexts
  • CVE-2018-5136: Same-origin policy violation with data: URL shared workers
  • CVE-2018-5137: Script content can access legacy extension non-contentaccessible resources
  • CVE-2018-5138: Android Custom Tab address spoofing through long domain names
  • CVE-2018-5140: Moz-icon images accessible to web content through moz-icon: protocol
  • CVE-2018-5141: DOS attack through notifications Push API
  • CVE-2018-5142: Media Capture and Streams API permissions display incorrect origin with data: and blob: URLs
  • CVE-2018-5143: Self-XSS pasting javascript: URL with embedded tab into addressbar
  • CVE-2018-5126: Memory safety bugs fixed in Firefox 59
  • CVE-2018-5125: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7

Fixes T6018

Signed-off-by: Pierre-Yves <pyu@riseup.net>

Test Plan
  • Executed a few online benchmarks

Diff Detail

Repository
R755 firefox
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kyrios123 added a project: Restricted Project.
kyrios123 edited the summary of this revision.

I haven't decided yet if stylo should be enabled or not since I don't get any significant difference in my VM (see T4966).
I will probably run some more benchmarks and try to make some tests on a physical machine.

PS: I also made some tests without the CFLAGS & CXXFLAGS for GCC6 and I haven't noticed any issue so they are most likely not needed anymore.

@kyrios123 I did a local build with system libnspr and libnss enabled, no problems, if you want to update the diff. Considering if you fix D2496 first.

package.yml
23–24

Part of system.devel not necessary.

36–37

cargo depends on rust, thus this builddep is not necessary.

JoshStrobl added a subscriber: JoshStrobl.
JoshStrobl added inline comments.
files/prefs.js
2

Would appreciate an explanation / links for these changes.

package.yml
73

Any reason this was removed?

This revision now requires changes to proceed. Mar 15 2018, 9:35 PM
kyrios123 added inline comments.
files/prefs.js
2

This is to match the locale of the OS.
The user can replace it with a custom locale.

package.yml
73

Because it tries to make a symlink to something that doesn't exist.

package.yml
73

Used for Flash, Google Talk Plugin, and Rhythmbox plugin.

set back ln -sv %libdir%/mozilla/plugins $installdir/%libdir%/firefox/plugins

This revision was not accepted when it landed; it landed in state Needs Review. Mar 15 2018, 10:10 PM
This revision was automatically updated to reflect the committed changes.