Bug#670586: iceweasel:[regression 3.5.16-13 > 14] JavaScript SIGSEGV

Mike Hommey mh at glandium.org
Fri May 11 07:27:51 UTC 2012


On Fri, May 11, 2012 at 09:10:24AM +0200, Mike Hommey wrote:
> On Thu, May 10, 2012 at 08:34:21PM +0100, Steven Chamberlain wrote:
> > Hi Mike,
> > 
> > Are we sure that iceweasel 3.5.x needed this security fix in the first
> > place?  Any ideas which issue bug #732951 referred to and if it was
> > exploitable here?
> > 
> > The CVE's only refer to versions 4.x through 11.x (I guess because those
> > are the maintained ones, though).
> 
> So, after a more thorough analysis, it turns out while the bug addressed
> in that CVE exists in 3.5, it has less dramatic consequences. It will
> "only" lead to a SEGV_ACCERR segmentation fault, instead of doing a
> buffer overflow.
> 
> I'll thus back this patch out and upload a fixed version.

I'm preparing iceweasel 3.5.16-15 and iceape 2.0.11-12. Icedove should
also need the same back out, although it is probably less likely to
crash like iceweasel and iceape. The patch to revert is
Bug-732951.-r-bsmedberg-a-akeybl.patch

Mike





More information about the pkg-mozilla-maintainers mailing list