Waterfox: CVE-2020-6819, 2020-6820

Via https://old.reddit.com/r/waterfox/comments/fut40n/202004_emergency_security_fixes_in_firefox/fmfl79r/:

• https://github.com/mozilla/gecko-dev/commit/bfc20e2014c09cd9dbd468b01c230fb005c4f5a5 Bug 1620818 - Release nsDocShell::mContentViewer properly. r=nika,peterv a=dveditz
• https://github.com/mozilla/gecko-dev/commit/064b0f9501ad76802853b43f18e33d8713fd54d3 Bug 1626728 - Normalize shutdown. r=perry,jstutte, a=RyanVM

1620818

Classic: https://github.com/MrAlex94/Waterfox/commit/93a181e4ab88983dd98eb1ae3113ccbb68bd30bd

Current: https://github.com/MrAlex94/Waterfox/blob/cba439eb7050bc0b2c4f5c01f93cdea2a042fa05/docshell/base/nsDocShell.cpp#L419

– the lines below seem quite different, at a glance.

1626728

Classic: https://github.com/MrAlex94/Waterfox/commit/e2c2e3bb203af673fa40cc9211b441fb67b52b4d

Current: https://github.com/MrAlex94/Waterfox/blob/265e6721798a455604328ed5262f430cfcc37c2f/dom/cache/StreamList.cpp#L136

– I guess.

This is pretty serious...it's being actively exploited.

Firefox patched it and did an emergency release so surely someone can merge those changes? We probably will need fresh builds too @MrAlex94

I'm doing a test build of my fork right now...
https://github.com/ilikenwf/Waterfox/commits/current

I’m including the security patches from today, due either later or tomorrow. There’s one left to implement that’s been a bit of a pain.

Waterfox 2020.04 Release

after installing this version my waterfox classic still says 2020.03.1 (64-bit)

edit:
but signature date is 2020-04-08 14:35:00 according
https://www.virustotal.com/gui/file/c4ec589573e8590f958ead8aced3a16e0a6411bd475b5b91de3e99b99a107985/details~~