Closed Bug 1842969 Opened 2 years ago Closed 2 years ago

Security Advisory mfsa2023-26 for firefox-115.0.2 is ambiguous re impact.

Categories

(www.mozilla.org :: Release notes, defect)

Production
defect

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: zarniwhoop, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0

Steps to reproduce:

I read https://www.mozilla.org/en-US/security/advisories/mfsa2023-26/

Actual results:

The advisory rates the impact as High, but there is only one item, CVE-2023-3600, and that is only rated as Moderate.

Expected results:

Normally, the impact in the advisory matches the highest impact listed in the advisory. In this case I assume that High is indeed correct.

Component: General → Release notes
Product: Release Engineering → www.mozilla.org
QA Contact: jlorenzo
Version: unspecified → Production

Thanks for the report! I apologize for the mistake; the impact is high. It was a copy/paste mistake from doing a one-off advisory.

https://github.com/mozilla/foundation-security-advisories/commit/a20bf1c6062a9f3d98ffd4e21bd5b59556ecde71

Status: UNCONFIRMED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED