Bug 1823316 Comment 27 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

[Security approval request comment]
How easily could an exploit be constructed based on the patch? IMO there is no clear indication about scenarios to exploit. This will likely look like a UX decision.

Do comments in the patch, the check-in comment, or tests included in the patch paint a bulls-eye on the security problem? No

Which older supported branches are affected by this flaw? All versions => 112 (from https://bugzilla.mozilla.org/show_bug.cgi?id=1816059 which include the previous fix) 

If not all supported branches, which bug introduced the flaw? https://bugzilla.mozilla.org/show_bug.cgi?id=1816059 

Do you have backports for the affected branches? If not, how different, hard to create, and risky will they be? No. Given how small the patch is, the same code can be uplifted.

How likely is this patch to cause regressions; how much testing does it need? Small, straightforward change. Don't expect any issue from it.

[Security approval request comment]
**How easily could an exploit be constructed based on the patch?** There is no clear indication about scenarios to exploit. This will likely look like a UX decision.

**Do comments in the patch, the check-in comment, or tests included in the patch paint a bulls-eye on the security problem?** No

**Which older supported branches are affected by this flaw?** All versions => 112 (from https://bugzilla.mozilla.org/show_bug.cgi?id=1816059 which include the previous fix) 

**If not all supported branches, which bug introduced the flaw?** https://bugzilla.mozilla.org/show_bug.cgi?id=1816059 

**Do you have backports for the affected branches? If not, how different, hard to create, and risky will they be?** No. Given how small the patch is, the same code can be uplifted.

**How likely is this patch to cause regressions; how much testing does it need?** Small, straightforward change. Don't expect any issue from it.