Opened 4 weeks ago

Closed 3 weeks ago

#2556 closed defect (fixed)

FireFox CVE-2019-11707: Type confusion in Array.pop

Reported by: anonymous maybe Owned by: Meeh
Priority: critical Milestone: undecided
Component: apps/browser Version: n/a
Keywords: Cc:
Parent Tickets: Sensitive: no

Description

All types of Firefox and TBB and so as I2P Browser are now effected to:

https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/#CVE-2019-11707

Mozilla firefox now upgraded through all channels , TBB didnt push the update yet.

So better to be aware of that on the current version of I2PBrowser is effected to this vulnerability.

Subtickets

Change History (5)

comment:1 Changed 4 weeks ago by anonymous maybe

Update: Tor Project has pushed the latest fixation for TBB.

I2PBrowser left to fix it

comment:2 Changed 4 weeks ago by Meeh

Yea then we'll push one soon as well.

comment:3 Changed 4 weeks ago by Meeh

TBB is gonna come with a release as well, but they also seemingly think "safer" and "safest" security levels in their browser is not affected. We don't got that so I have to assume we're vulnerable then.

comment:5 Changed 3 weeks ago by Meeh

Resolution: fixed
Status: assignedclosed
Note: See TracTickets for help on using tickets.