Opened 11 months ago

Closed 3 months ago

#29049 closed enhancement (fixed)

Backport JS Poison Patch

Reported by: tom Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-security, TorBrowserTeam201903, GeorgKoppen201903, ff68-esr-will-have
Cc: Actual Points:
Parent ID: #28707 Points:
Reviewer: Sponsor: Sponsor44-can

Description

https://bugzilla.mozilla.org/show_bug.cgi?id=981991

This will make reading a freed object crash instead of succeeding.

Child Tickets

Change History (11)

comment:1 Changed 11 months ago by tom

Component: - Select a componentApplications/Tor Browser
Owner: set to tbb-team

comment:2 Changed 11 months ago by gk

Keywords: TorBrowserTeam201901 tbb-security added
Type: defectenhancement

comment:3 Changed 10 months ago by gk

Keywords: TorBrowserTeam201902 added; TorBrowserTeam201901 removed

Moving tickets to February.

comment:4 Changed 10 months ago by gk

Keywords: GeorgKoppen201902 added

comment:5 Changed 9 months ago by gk

Keywords: TorBrowserTeam201903 added; TorBrowserTeam201902 removed

Moving my tickets to March.

comment:6 Changed 9 months ago by gk

Keywords: GeorgKoppen201903 added; GeorgKoppen201902 removed

Now for my keyword.

comment:7 Changed 9 months ago by gk

Keywords: tbb-8.5 added

Tickets on our radar for 8.5

comment:8 Changed 9 months ago by gk

It seems we want to have at least https://bugzilla.mozilla.org/show_bug.cgi?id=1415852 as well for AlwaysPoison(). This gets slightly more complicated than I had hoped. Thus, I am not sure whether we should actually backport that ourselves. I guess really cool would be an esr60 patch Mozilla folks working on those bugs do like.

comment:9 Changed 7 months ago by gk

Keywords: ff68-esr-will-have added; tbb-8.5 removed

Whatever we do in the meantime we'll get this with ff68-esr

comment:10 Changed 4 months ago by pili

Sponsor: Sponsor44-can

Adding Sponsor 44 to ESR68 tickets

comment:11 Changed 3 months ago by gk

Resolution: fixed
Status: newclosed

9.0a6, which is about to get built, is based on ESR 68, so closing.

Note: See TracTickets for help on using tickets.