Bug 1434580 (Closed): Testcase for bug 1423159 fails in different place on esr52
Opened 6 years ago, closed 6 years ago
Categories: Core :: DOM: Events, defect
Status: RESOLVED FIXED
Target Milestone: mozilla60
People: Reporter: smaug, Assigned: smaug
Details: Keywords: csectype-uaf, sec-high; Whiteboard: [post-critsmash-triage][adv-main59+][adv-esr52.7+]
Attachments (1 file): 1.20 KB, patch
  masayuki: review+
  abillings: approval-mozilla-beta+
  RyanVM: approval-mozilla-esr52+
  abillings: sec-approval+

Description
nsCOMPtr<nsIContent> is enough to fix the issue, but ESM should be kept alive too. The patch seems to apply to trunk and esr52.

Updated • 6 years ago (Assignee)
Assignee: nobody → bugs

Comment 1 • 6 years ago (Assignee)
Comment on attachment 8947067 esm_crash.diff

[Security approval request comment]

How easily could an exploit be constructed based on the patch?
Crash isn't too hard, I guess

Do comments in the patch, the check-in comment, or tests included in the patch paint a bulls-eye on the security problem?
commit message could be -m "Bug 1434580, ensure proper mouseover handling, r=masayuki"

Which older supported branches are affected by this flaw?
all

Do you have backports for the affected branches? If not, how different, hard to create, and risky will they be?
the patch is actually written for esr52, but applies to trunk too

How likely is this patch to cause regressions; how much testing does it need?
Should be very safe. Just keeping objects alive a bit longer.

Attachment #8947067 - Flags: sec-approval?
Attachment #8947067 - Flags: review?(masayuki)
Attachment #8947067 - Flags: approval-mozilla-esr52?
Attachment #8947067 - Flags: approval-mozilla-beta?
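
The lifetime pattern named in the description and in comment 1 (hold strong references to both the content node and the ESM while a handler runs), as an added example that is neither the attached patch nor Gecko code. `Node`, `Manager`, `Guard` and the handler are hypothetical stand-ins built on `std::shared_ptr`; liveness is read through `std::weak_ptr`, so the unguarded case never touches freed memory.

```cpp
#include <functional>
#include <memory>

// Hypothetical stand-ins, not Gecko types: Node models a refcounted content
// node, Manager models the event state manager that tracks the hovered node.
struct Node {};
struct Manager {
    std::shared_ptr<Node> hovered;       // the only long-lived reference
    std::function<void()> on_mouseover;  // handler the page controls
};

enum class Guard { None, TargetOnly, TargetAndManager };

struct Liveness { bool target; bool manager; };

// Dispatches the handler and reports which objects survived the call.
Liveness dispatch_mouseover(std::shared_ptr<Manager>& owner, Guard guard) {
    std::weak_ptr<Manager> manager_watch = owner;
    std::weak_ptr<Node> target_watch = owner->hovered;

    // Strong references held on the stack for the duration of the dispatch,
    // the role a local nsCOMPtr plays in the description above.
    std::shared_ptr<Node> keep_target;
    std::shared_ptr<Manager> keep_manager;
    if (guard != Guard::None) keep_target = owner->hovered;
    if (guard == Guard::TargetAndManager) keep_manager = owner;

    // Copy the handler first so it outlives the manager that stores it.
    std::function<void()> handler = owner->on_mouseover;
    handler();  // may drop every other reference to the target and manager

    // Code after this point is what would use freed memory without a guard.
    return { !target_watch.expired(), !manager_watch.expired() };
}

// Constructed scenario: the handler clears the hovered node and then drops
// the last owning reference to the manager itself.
Liveness run_scenario(Guard guard) {
    auto owner = std::make_shared<Manager>();
    owner->hovered = std::make_shared<Node>();
    owner->on_mouseover = [&owner] {
        owner->hovered.reset();
        owner.reset();
    };
    return dispatch_mouseover(owner, guard);
}
```

`Guard::TargetOnly` keeps the node alive but still lets the manager die mid-dispatch, which is the gap the second strong reference closes.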

Updated • 6 years ago
Attachment #8947067 - Flags: review?(masayuki) → review+

Updated • 6 years ago
status-firefox-esr52: --- → affected
tracking-firefox-esr52: --- → ?

Updated • 6 years ago
status-firefox58: --- → wontfix
status-firefox59: --- → affected
status-firefox60: --- → affected
tracking-firefox59: --- → ?
tracking-firefox60: --- → ?

Updated • 6 years ago
Keywords: csectype-uaf, sec-high

Comment 2 • 6 years ago
Comment on attachment 8947067 esm_crash.diff

sec-approval+ and beta+.

Attachment #8947067 - Flags: sec-approval?
Attachment #8947067 - Flags: sec-approval+
Attachment #8947067 - Flags: approval-mozilla-beta?
Attachment #8947067 - Flags: approval-mozilla-beta+

Comment 3 • 6 years ago (Assignee)
https://hg.mozilla.org/integration/mozilla-inbound/rev/bfd4bdfd40b43d0491c66af5b599659427e4e795

Comment 4 • 6 years ago
https://hg.mozilla.org/mozilla-central/rev/bfd4bdfd40b4
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla60

Comment 5 • 6 years ago
uplift
https://hg.mozilla.org/releases/mozilla-beta/rev/8660689b18cd

Comment 6 • 6 years ago
Comment on attachment 8947067 esm_crash.diff

sec-high fix being shipped in 59, ESR 52.7 needs it too

Attachment #8947067 - Flags: approval-mozilla-esr52? → approval-mozilla-esr52+

Comment 7 • 6 years ago
Ryan, given smaug's vacation this week, is it easy for you to try landing this on esr52? Previous comments seem to indicate it should apply cleanly.
Flags: needinfo?(ryanvm)

Comment 8 • 6 years ago
Yeah, I'll take care of landing it. ESR52's a bit busted at the moment, but it's on the radar :)
Flags: needinfo?(ryanvm)

Comment 9 • 6 years ago
uplift
https://hg.mozilla.org/releases/mozilla-esr52/rev/198ad052621e

Updated • 6 years ago
Group: dom-core-security → core-security-release

Updated • 6 years ago
Flags: qe-verify-
Whiteboard: [post-critsmash-triage]

Updated • 6 years ago
Whiteboard: [post-critsmash-triage] → [post-critsmash-triage][adv-main59+][adv-esr52.7+]

Updated • 6 years ago
Group: core-security-release