Outdated and Minified JavaScript

UNCONFIRMED
Unassigned

Status


enhancement
10 months ago
5 months ago

People

(Reporter: luis.merino, Unassigned)

Tracking

(Depends on 1 bug, Blocks 1 bug, {sec-audit})

61 Branch

Firefox Tracking Flags

(Not tracked)

Details

Reporter

Description

10 months ago
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0
Build ID: 20180808222917

Steps to reproduce:

In directory toolkit/components/normandy/vendor of the Mozilla Firefox source code, a copy of React (https://reactjs.org/) was found in version 15.6.1. The current release is version 16.5, and version 15.6.2 has been released as well. These updates do not fix any obvious security issues for this version, but contain stability fixes.

Due to the obfuscation caused by the minifying process, it is not instantly clear which version is shipped and whether it should be updated.

X41 recommends noting the version in use along with the JavaScript source files and establishing a process to keep track of whether security updates have been released for these third-party libraries.
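One way to implement the recommended tracking, as an added example that is not part of the original report or of Mozilla's tooling: a check that every vendored `.js` file has a recorded name, version and SHA-256, and that the recorded version is not behind the newest known release. The manifest layout, the function names and the file names `React.js` and `Other.js` are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def parse_version(v):
    # "15.6.1" -> (15, 6, 1) so versions compare numerically, not as strings
    return tuple(int(p) for p in v.split("."))

def audit_vendor(vendor_dir, manifest, latest):
    """Return a list of (filename, finding) for a vendor directory.

    manifest: {filename: {"name", "version", "sha256"}}  (hypothetical format)
    latest:   {library name: newest release known for the tracked release line}
    """
    findings = []
    files = sorted(Path(vendor_dir).glob("*.js"))
    for path in files:
        entry = manifest.get(path.name)
        if entry is None:
            # Minified file with no recorded version: the case the report describes
            findings.append((path.name, "no manifest entry: version unknown"))
            continue
        digest = hashlib.sha256(path.read_bytes()).hexdigest()
        if digest != entry["sha256"]:
            findings.append((path.name, "hash mismatch: file differs from recorded release"))
        newest = latest.get(entry["name"])
        if newest and parse_version(entry["version"]) < parse_version(newest):
            findings.append((path.name, f"{entry['name']} {entry['version']} is behind {newest}"))
    for name in sorted(set(manifest) - {p.name for p in files}):
        findings.append((name, "manifest entry without file"))
    return findings

def demo():
    # Constructed sample: file contents are stand-ins, not real library code.
    with tempfile.TemporaryDirectory() as d:
        react = Path(d, "React.js")
        react.write_bytes(b"/* minified stand-in */")
        Path(d, "Other.js").write_bytes(b"/* second stand-in */")
        manifest = {"React.js": {"name": "react", "version": "15.6.1",
                                 "sha256": hashlib.sha256(react.read_bytes()).hexdigest()}}
        return audit_vendor(d, manifest, {"react": "15.6.2"})

if __name__ == "__main__":
    for name, finding in demo():
        print(f"{name}: {finding}")
```

Run in CI, a non-empty result can fail the build, so an unrecorded or stale vendored library is noticed when it is added rather than during a later audit.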

Updated

10 months ago
Blocks: 1476958
Group: firefox-core-security
Component: Untriaged → Normandy Client
Keywords: sec-audit
Depends on: 1520362