Opened 6 months ago

Last modified 3 months ago

#29049 new enhancement

Backport JS Poison Patch

Reported by: tom Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-security, TorBrowserTeam201903, GeorgKoppen201903, ff68-esr-will-have
Cc: Actual Points:
Parent ID: #28707 Points:
Reviewer: Sponsor:

Description

https://bugzilla.mozilla.org/show_bug.cgi?id=981991

This will make reading a freed object crash instead of succeeding.

Child Tickets

Change History (9)

comment:1 Changed 6 months ago by tom

Component: - Select a componentApplications/Tor Browser
Owner: set to tbb-team

comment:2 Changed 6 months ago by gk

Keywords: TorBrowserTeam201901 tbb-security added
Type: defectenhancement

comment:3 Changed 5 months ago by gk

Keywords: TorBrowserTeam201902 added; TorBrowserTeam201901 removed

Moving tickets to February.

comment:4 Changed 5 months ago by gk

Keywords: GeorgKoppen201902 added

comment:5 Changed 4 months ago by gk

Keywords: TorBrowserTeam201903 added; TorBrowserTeam201902 removed

Moving my tickets to March.

comment:6 Changed 4 months ago by gk

Keywords: GeorgKoppen201903 added; GeorgKoppen201902 removed

Now for my keyword.

comment:7 Changed 4 months ago by gk

Keywords: tbb-8.5 added

Tickets on our radar for 8.5

comment:8 Changed 4 months ago by gk

It seems we want to have at least https://bugzilla.mozilla.org/show_bug.cgi?id=1415852 as well for AlwaysPoison(). This gets slightly more complicated than I had hoped. Thus, I am not sure whether we should actually backport that ourselves. I guess really cool would be an esr60 patch Mozilla folks working on those bugs do like.

comment:9 Changed 3 months ago by gk

Keywords: ff68-esr-will-have added; tbb-8.5 removed

Whatever we do in the meantime we'll get this with ff68-esr

Note: See TracTickets for help on using tickets.