Opened 11 months ago
Closed 3 months ago
#29049 closed enhancement (fixed)
Backport JS Poison Patch
| Reported by: | tom | Owned by: | tbb-team |
|---|---|---|---|
| Priority: | Medium | Milestone: | |
| Component: | Applications/Tor Browser | Version: | |
| Severity: | Normal | Keywords: | tbb-security, TorBrowserTeam201903, GeorgKoppen201903, ff68-esr-will-have |
| Cc: | Actual Points: | ||
| Parent ID: | #28707 | Points: | |
| Reviewer: | Sponsor: | Sponsor44-can |
Description
https://bugzilla.mozilla.org/show_bug.cgi?id=981991
This will make reading a freed object crash instead of succeeding.
Child Tickets
Change History (11)
comment:1 Changed 11 months ago by
| Component: | - Select a component → Applications/Tor Browser |
|---|---|
| Owner: | set to tbb-team |
comment:2 Changed 11 months ago by
| Keywords: | TorBrowserTeam201901 tbb-security added |
|---|---|
| Type: | defect → enhancement |
comment:3 Changed 10 months ago by
| Keywords: | TorBrowserTeam201902 added; TorBrowserTeam201901 removed |
|---|
comment:4 Changed 10 months ago by
| Keywords: | GeorgKoppen201902 added |
|---|
comment:5 Changed 9 months ago by
| Keywords: | TorBrowserTeam201903 added; TorBrowserTeam201902 removed |
|---|
Moving my tickets to March.
comment:6 Changed 9 months ago by
| Keywords: | GeorgKoppen201903 added; GeorgKoppen201902 removed |
|---|
Now for my keyword.
comment:8 Changed 9 months ago by
It seems we want to have at least https://bugzilla.mozilla.org/show_bug.cgi?id=1415852 as well for AlwaysPoison(). This gets slightly more complicated than I had hoped. Thus, I am not sure whether we should actually backport that ourselves. I guess really cool would be an esr60 patch Mozilla folks working on those bugs do like.
comment:9 Changed 7 months ago by
| Keywords: | ff68-esr-will-have added; tbb-8.5 removed |
|---|
Whatever we do in the meantime we'll get this with ff68-esr
comment:11 Changed 3 months ago by
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
9.0a6, which is about to get built, is based on ESR 68, so closing.
Note: See
TracTickets for help on using
tickets.
Moving tickets to February.