Waterfox: (Mozilla 1462682, changeset 467911:784deba19077) (MFSA 2018-14) (CVE-2018-6126) Skia path bounds rounding fix | r=rhunt, a=RyanVM

Created on 10 Jun 2018 · 7Comments · Source: MrAlex94/Waterfox

www/waterfox/files/patch-bug1462682 at https://github.com/freebsd/freebsd-ports-kde/commit/26d58abf78a1a86eee3ad9472c0f74ea0fc12659#diff-65d123a91cc0e06c9fb71d68b3e3a83f is one of three files changed in www/waterfox: apply some FF61 fixes · freebsd/freebsd-ports-kde@26d58ab committed by @jbeich

Users of Waterfox on other platforms (Linux, Mac OS X, Windows) may consider the preferences at:

about:config?filter=skia

Additional information

Skia Graphics Library

Skia has just been updated to match release branch. Please build and test! · Issue #553 · MrAlex94/Waterfox (2018-05-12, closed 2018-05-23)

mozilla-unified: changeset 467911:784deba19077 (2018-05-25

Security vulnerabilities fixed in Firefox 60.0.2, ESR 60.0.2, and ESR 52.8.1 — Mozilla (2018-06-06) refers to one vulnerability and one Mozilla bug:

CVE - CVE-2018-6126 (2018-01-23)
1462682

Access Denied

https://redd.it/8pkxqr (2018-06-08)

Meta, tracking

538

Source

grahamperrin

All 7 comments

@grahamperrin you might want to check the other security bugs fixed on ESR channel to see if applicable to Waterfox. Compare branch

Some of these are security bugs but not listed in https://github.com/mozilla/foundation-security-advisories

PandaCodex on 10 Jun 2018

👍1

@PandaCodex thanks, I made this issue specific to CVE-2018-6126 primarily in response to the concern that was raised in Reddit.

On one hand, a pull request to fix this (one) issue might aim to also address other security issues.

On the other hand, mindful of both:

security-oriented https://github.com/MrAlex94/Waterfox/issues/531#issuecomment-389107517 and other comments; and
the urgency expressed in another meta issue #567

– I should lean towards a focused PR that will be actionable with minimal perceived delay.

That's just my two-penneth, as an interested observer. Whilst I'm not well-placed to open the PR (I'm a muddler), https://hg.mozilla.org/mozilla-unified/rev/784deba19077 does (from my uneducated PoV) appear simple, so I should encourage anyone who has, or would like, the skill set to have a go at a PR :-)

grahamperrin on 10 Jun 2018

https://github.com/MrAlex94/Waterfox/commit/8696eddae3c43cdec8b1cd0453808a5852982f44

MrAlex94 on 12 Jun 2018

👍1

@PandaCodex

Off-topic: Any chance of porting https://github.com/InternalError503/cyberfox/commit/23f3219477b46e538f4e146c6614fe33947b10dd and https://github.com/InternalError503/cyberfox/commit/a2745ef924fa7b406b4452f9cbb9fd305d9a340c over? Having those two features would be great.

Peacock365 on 14 Jun 2018

👍1

Off-topic: Any chance of porting InternalError503/cyberfox@23f3219 and InternalError503/cyberfox@a2745ef over? Having those two features would be great.

Off-topic: @Peacock365 Sure i can do that currently working on a security bug in another program but once done will create PR's for waterfox.

PandaCodex on 16 Jun 2018

@MrAlex94 Were all the other security bugs applied to the latest release of Waterfox. Some were not posted in the advisories but were patched in latest Firefox release so if you only patched the security bug from https://www.mozilla.org/en-US/security/advisories/mfsa2018-14/ then some are missing in current Waterfox release

PandaCodex on 16 Jun 2018

Let's aim for discussion of open issues in the open area (not under a closed issue). Thanks.

grahamperrin on 16 Jun 2018

Was this page helpful?

0 / 5 - 0 ratings

Related issues

Waterfox treating signed addons as unsigned

laniakea64 · 96Comments

Youtube video seems to crash Waterfox content process

mzso · 31Comments

User Agent Override Requests

MrAlex94 · 64Comments

Waterfox web site issues (meta)

grahamperrin · 41Comments

confused how to fix linux waterfox 59.2.9 (unable install add-ons/themes)

linuxgirl22 · 31Comments