fork-maintainers / iceraven-browser

Iceraven Browser

Release 117.1.0 #662

Closed SkewedZeppelin closed 1 year ago

SkewedZeppelin commented 1 year ago

Please ship 117.1.0, it has been out for nine days now and includes a critical zero-day security fix: https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/

https://divestos.org/misc/ffa-dates.txt

CharmCityCrab commented 1 year ago

Ask and ye shall receive!

Iceraven 2.9.2, which incorporates the Fenix 117.1.0 patch, was made available a couple hours ago:

https://github.com/fork-maintainers/iceraven-browser/releases

My suggestion is that this issue be closed as completed.

Also, people should head over to the releases page and download and apply the update the next time they have a minute or two. As noted in the OP, it contains an important security fix.

ggtylerr commented 1 year ago

Do the new releases contain a patch for the VP8 vuln? I wasn't able to find it in the release commits but I probably missed it.

CharmCityCrab commented 1 year ago

The last two Iceraven releases have been based on Fenix 118.1 (Basically the equivalent version of Firefox for Android), and it's patched in that version of Firefox for Android, so Iceraven probably inherited the fix.

Source: https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/

There are essentially three components that make up Fenix/Firefox for Android. Iceraven takes up two as they are in Firefox (stripping branding only if applicable) and makes its significant changes to the other one. I can never remember the names of which part is which. But if it's in either of the two that Iceraven takes up whole, any issue would have been fixed in the first update based on 118.1 and everything after. It's only if the issue is in the third part of the browser, where all the changes are, that Iceraven devs might need to more directly apply the patch (or may have done so).

I'm not able to read code and am a bit limited in technological understanding sometimes, but I believe what I said is at least roughly accurate (Perhaps without the correct terminology). There's a 2 out of 3 chance the fix was applied as part of the uptake from Fenix as long as you're using one of the two most recent Iceraven releases, and it's only in that other third where it would depend on our developers to have done something a bit more directly.

However, only a developer for Iceraven or someone who can read code (and is willing to at least figure out if it's in the part Iceraven changes and then if it is look for it in that part if it is) could tell you for sure.

Still, I hope this answer at least gives you some peace of mind until someone can give you or you can find a more definite answer. :)

Based on what I know, it's probably been patched, I just can't tell you with 100% certainty.