firefox-bin: 62.0.2 -> 62.0.3 [critical security fixes]

Browse Source

This update bumps the package to the latest stable version containing a
few security fixes:

- CVE-2018-12386: Type confusion in JavaScript
  A vulnerability in register allocation in JavaScript can lead to type
  confusion, allowing for an arbitrary read and write. This leads to
  remote code execution inside the sandboxed content process when
  triggered.

- CVE-2018-12387
  A vulnerability where the JavaScript JIT compiler inlines
  Array.prototype.push with multiple arguments that results in the stack
  pointer being off by 8 bytes after a bailout. This leaks a memory
  address to the calling function which can be used as part of an
  exploit inside the sandboxed content process.

Source: https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/

...

This commit is contained in:

Andreas Rammhold 2018-10-03 09:35:34 +02:00

parent a88b8da554

commit 64d02660cb

No known key found for this signature in database

GPG Key ID: E432E410B5E48C86

1 changed files with 397 additions and 397 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Show Stats Download Patch File Download Diff File Expand all files Collapse all files

794

pkgs/applications/networking/browsers/firefox-bin/release_sources.nix

View File

File diff suppressed because it is too large Load Diff