### Security Approval Request * **How easily could an exploit be constructed based on the patch?**: The patch itself doesn't give much away (intentionally vague commit message, avoids calling the new deathgrip a deathgrip): an attacker would need to figure out something like the test case attached in order to hit the uaf, and even then, it would be harder without fuzzing enabled. I don't think an attack could easily be constructed from the patch. * **Do comments in the patch, the check-in comment, or tests included in the patch paint a bulls-eye on the security problem?**: No * **Which older supported branches are affected by this flaw?**: All * **If not all supported branches, which bug introduced the flaw?**: All are * **Do you have backports for the affected branches?**: Yes * **If not, how different, hard to create, and risky will they be?**: I believe the patch should graft onto other trees (though I have not manually attempted the graft). * **How likely is this patch to cause regressions; how much testing does it need?**: Low IMO: the patch is simple (changes a raw ptr to a RefPtr) to prolong the life of an object. The only possible regression I foresee is shutdown hangs or similar, but have not encountered any in my testing. I don't think we need any further testing.
Bug 1547757 Comment 14 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
### Security Approval Request * **How easily could an exploit be constructed based on the patch?**: The patch itself doesn't give much away (intentionally vague commit message, avoids calling the new deathgrip a deathgrip): an attacker would need to figure out something like the test case attached in order to hit the uaf, and even then, it would be harder without fuzzing enabled. I don't think an attack could easily be constructed from the patch. * **Do comments in the patch, the check-in comment, or tests included in the patch paint a bulls-eye on the security problem?**: No * **Which older supported branches are affected by this flaw?**: All * **If not all supported branches, which bug introduced the flaw?**: All are * **Do you have backports for the affected branches?**: Yes * **If not, how different, hard to create, and risky will they be?**: I believe the patch should graft onto other trees (though I have not manually attempted the graft). * **How likely is this patch to cause regressions; how much testing does it need?**: Low IMO: the patch is simple: changes a raw ptr to a RefPtr to prolong the life of an object. The only possible regression I foresee is shutdown hangs or similar, but have not encountered any in my testing. I don't think we need any further testing.