Closed
Bug 1786818
(CVE-2022-46884)
Opened 3 years ago
Closed 3 years ago
always hold a ref while ticking the refresh driver
Categories
(Core :: Layout, defect)
Core
Layout
Tracking
()
RESOLVED
FIXED
106 Branch
People
(Reporter: tnikkel, Assigned: tnikkel)
Details
(Keywords: csectype-uaf, sec-moderate, Whiteboard: [post-critsmash-triage][adv-main106+r])
Attachments
(2 files)
Two places don't seem to
The first is inside svg images, and those documents have scripting restricted I believe so a tick can do less than in a general document.
The second is test only code that you need privileges for.
So this doesn't seem to be a big deal.
Noticed these while looking into bug 1762368.
|
Assignee | |
Comment 1•3 years ago
|
||
|
||
Updated•3 years ago
|
Assignee: nobody → tnikkel
Status: NEW → ASSIGNED
|
||
Updated•3 years ago
|
Group: core-security → layout-core-security
Keywords: csectype-uaf,
sec-moderate
|
||
Updated•3 years ago
|
Severity: -- → S3
|
||
Comment 2•3 years ago
|
||
r=mstange
https://hg.mozilla.org/integration/autoland/rev/a7d197f8bec37ab39391dcb6e5163365b755d477
https://hg.mozilla.org/mozilla-central/rev/a7d197f8bec3
Group: layout-core-security → core-security-release
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
status-firefox106:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 106 Branch
|
||
Updated•3 years ago
|
status-firefox104:
--- → wontfix
status-firefox105:
--- → wontfix
status-firefox-esr102:
--- → wontfix
status-firefox-esr91:
--- → wontfix
|
||
Updated•3 years ago
|
Flags: qe-verify-
Whiteboard: [post-critsmash-triage]
|
||
Updated•3 years ago
|
Whiteboard: [post-critsmash-triage] → [post-critsmash-triage][adv-main106+r]
|
|
||
Comment 3•3 years ago
|
||
|
|
||
Updated•3 years ago
|
Alias: CVE-2022-46884
|
||
Updated•3 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•