Page MenuHomeSolus

Update firefox to 74.0
ClosedPublic

Authored by kyrios123 on Mar 11 2020, 5:52 AM.

Details

Reviewers
None
Group Reviewers
Triage Team
Commits
R755:25bf9b3052c0: Update firefox to 74.0
Summary

Security:

  • CVE-2020-6805: Use-after-free when removing data about origins
  • CVE-2020-6806: BodyStream::OnInputStreamReady was missing protections against state confusion
  • CVE-2020-6807: Use-after-free in cubeb during stream destruction
  • CVE-2020-6808: URL Spoofing via javascript: URL
  • CVE-2020-6809: Web Extensions with the all-urls permission could access local files
  • CVE-2020-6810: Focusing a popup while in fullscreen could have obscured the fullscreen notification
  • CVE-2020-6811: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection
  • CVE-2019-20503: Out of bounds reads in sctp_load_addresses_from_init
  • CVE-2020-6812: The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission
  • CVE-2020-6813: @import statements in CSS could bypass the Content Security Policy nonce feature
  • CVE-2020-6814: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6
  • CVE-2020-6815: Memory and script safety bugs fixed in Firefox 74

Release notes available here

Signed-off-by: Pierre-Yves <pyu@riseup.net>

Test Plan

Browsed a few websies

Diff Detail

Repository
R755 firefox
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

kyrios123 created this revision.Mar 11 2020, 5:52 AM
kyrios123 requested review of this revision.Mar 11 2020, 5:52 AM
kyrios123 added inline comments.Mar 11 2020, 5:52 AM
abi_used_libs
39

no idea why this guy is gone

They removed that support and call set_startup_id in GTK directly now: https://hg.mozilla.org/mozilla-central/rev/f9cf5980bce9

Can remove the pkgconfig and push after that, looked good otherwise.

kyrios123 updated this revision to Diff 20276.Mar 12 2020, 9:38 AM

Drop pkgconfig(libstartup-notification-1.0)

This revision was not accepted when it landed; it landed in state Needs Review.Mar 12 2020, 9:38 AM
This revision was automatically updated to reflect the committed changes.