
Update firefox to 74.0
Closed, Public

Authored by kyrios123 on Mar 11 2020, 5:52 AM.

Details

Reviewers
None
Group Reviewers
Triage Team
Commits
R755:25bf9b3052c0: Update firefox to 74.0
Summary

Security:

  • CVE-2020-6805: Use-after-free when removing data about origins
  • CVE-2020-6806: BodyStream::OnInputStreamReady was missing protections against state confusion
  • CVE-2020-6807: Use-after-free in cubeb during stream destruction
  • CVE-2020-6808: URL Spoofing via javascript: URL
  • CVE-2020-6809: Web Extensions with the all-urls permission could access local files
  • CVE-2020-6810: Focusing a popup while in fullscreen could have obscured the fullscreen notification
  • CVE-2020-6811: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection
  • CVE-2019-20503: Out of bounds reads in sctp_load_addresses_from_init
  • CVE-2020-6812: The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission
  • CVE-2020-6813: @import statements in CSS could bypass the Content Security Policy nonce feature
  • CVE-2020-6814: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6
  • CVE-2020-6815: Memory and script safety bugs fixed in Firefox 74

Release notes available here

Signed-off-by: Pierre-Yves <pyu@riseup.net>

Test Plan

Browsed a few websites

Diff Detail

Repository
R755 firefox
Branch
master
Lint
No Lint Coverage
Unit
No Test Coverage

Event Timeline

abi_used_libs
39

no idea why this guy is gone

They removed that support and call set_startup_id in GTK directly now: https://hg.mozilla.org/mozilla-central/rev/f9cf5980bce9

Can remove the pkgconfig and push after that, looked good otherwise.

Drop pkgconfig(libstartup-notification-1.0)

This revision was not accepted when it landed; it landed in state Needs Review.
Mar 12 2020, 9:38 AM
This revision was automatically updated to reflect the committed changes.