SpiderMonkey is the Mozilla software component responsible for handling JavaScript code. Running externally supplied JavaScript is supposed to be “mostly harmless”, because browser JavaScript engines deliberately limit the damage that remote JavaScript code can do. Unless, of course, the JavaScript engine itself contains an exploitable bug, allowing what’s known in the jargon as a security escape or a sandbox escape.

CVE-2023-37211: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13.

As usual, Mozilla is candid enough to admit, even for bugs found automatically that might ultimately turn out not to be dangerous, “We presume that with enough effort some of these could have been exploited to run arbitrary code.”

CVE-2023-37212: Memory safety bugs fixed in Firefox 115.

This is a further set of possible security bugs patched only in the latest major version, but not in the current ESR 102.13 release, presumably because these bugs were introduced via new features added since version 102 came out last year. The concern that “new features mean new bugs” is what leads some users to stick to ESR releases in the first place.