search

AOSC-Dev / aosc-os-abbs

ABBS/ACBS tree for AOSC OS package metadata, build configuration, scripts, and patches
https://packages.aosc.io
GNU General Public License v2.0
102 stars 80 forks source link

firefox: security update to 62.0 #1369

Closed l2dy closed 6 years ago

l2dy commented 6 years ago

CVE IDs (if any)

CVE-2018-12377, CVE-2018-12378, CVE-2018-12379, CVE-2017-16541, CVE-2018-12381, CVE-2018-12382, CVE-2018-12383, CVE-2018-12375, CVE-2018-12376

Other security advisory IDs (if any)

USN-3761-1

Patches (if any)

N/A

PoC(s) (if any)

N/A

Additional descriptions (if applicable)

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. (CVE-2018-12375, CVE-2018-12376, CVE-2018-12377, CVE-2018-12378)

It was discovered that if a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords would still be accessible. A local user could exploit this to obtain sensitive information. (CVE-2018-12383)

Architectural progress

Please remove any architecture to which the security vulnerabilities do not apply.

MingcongBai commented 6 years ago

Fixed with https://github.com/AOSC-Dev/aosc-os-abbs/commit/7dda96c5021758ce77a400a268560c97ea61199e. Closing.

l2dy commented 6 years ago

Use AOSA-2018-0395.