Bug#670586: iceweasel:[regression 3.5.16-13 > 14] JavaScript SIGSEGV
Moritz Muehlenhoff
jmm at inutil.org
Fri May 11 20:06:21 UTC 2012
On Fri, May 11, 2012 at 09:27:51AM +0200, Mike Hommey wrote:
> On Fri, May 11, 2012 at 09:10:24AM +0200, Mike Hommey wrote:
> > On Thu, May 10, 2012 at 08:34:21PM +0100, Steven Chamberlain wrote:
> > > Hi Mike,
> > >
> > > Are we sure that iceweasel 3.5.x needed this security fix in the first
> > > place? Any ideas which issue bug #732951 referred to and if it was
> > > exploitable here?
> > >
> > > The CVE's only refer to versions 4.x through 11.x (I guess because those
> > > are the maintained ones, though).
> >
> > So, after a more thorough analysis, it turns out while the bug addressed
> > in that CVE exists in 3.5, it has less dramatic consequences. It will
> > "only" lead to a SEGV_ACCERR segmentation fault, instead of doing a
> > buffer overflow.
> >
> > I'll thus back this patch out and upload a fixed version.
>
> I'm preparing iceweasel 3.5.16-15 and iceape 2.0.11-12. Icedove should
> also need the same back out, although it is probably less likely to
> crash like iceweasel and iceape. The patch to revert is
> Bug-732951.-r-bsmedberg-a-akeybl.patch
I think we can wait with the icedove update until the next monthly
Mozilla security update?
Cheers,
Moritz
More information about the pkg-mozilla-maintainers
mailing list