Opened 6 months ago
Last modified 3 months ago
#29049 new enhancement
Backport JS Poison Patch
| Reported by: | tom | Owned by: | tbb-team |
|---|---|---|---|
| Priority: | Medium | Milestone: | |
| Component: | Applications/Tor Browser | Version: | |
| Severity: | Normal | Keywords: | tbb-security, TorBrowserTeam201903, GeorgKoppen201903, ff68-esr-will-have |
| Cc: | Actual Points: | ||
| Parent ID: | #28707 | Points: | |
| Reviewer: | Sponsor: |
Description
https://bugzilla.mozilla.org/show_bug.cgi?id=981991
This will make reading a freed object crash instead of succeeding.
Child Tickets
Change History (9)
comment:1 Changed 6 months ago by
| Component: | - Select a component → Applications/Tor Browser |
|---|---|
| Owner: | set to tbb-team |
comment:2 Changed 6 months ago by
| Keywords: | TorBrowserTeam201901 tbb-security added |
|---|---|
| Type: | defect → enhancement |
comment:3 Changed 5 months ago by
| Keywords: | TorBrowserTeam201902 added; TorBrowserTeam201901 removed |
|---|
comment:4 Changed 5 months ago by
| Keywords: | GeorgKoppen201902 added |
|---|
comment:5 Changed 4 months ago by
| Keywords: | TorBrowserTeam201903 added; TorBrowserTeam201902 removed |
|---|
Moving my tickets to March.
comment:6 Changed 4 months ago by
| Keywords: | GeorgKoppen201903 added; GeorgKoppen201902 removed |
|---|
Now for my keyword.
comment:8 Changed 4 months ago by
It seems we want to have at least https://bugzilla.mozilla.org/show_bug.cgi?id=1415852 as well for AlwaysPoison(). This gets slightly more complicated than I had hoped. Thus, I am not sure whether we should actually backport that ourselves. I guess really cool would be an esr60 patch Mozilla folks working on those bugs do like.
comment:9 Changed 3 months ago by
| Keywords: | ff68-esr-will-have added; tbb-8.5 removed |
|---|
Whatever we do in the meantime we'll get this with ff68-esr
Note: See
TracTickets for help on using
tickets.
Moving tickets to February.