MFSA 2018-10 & Waterfox

General discussion about web technology.
Post Reply
kukla
Senior Member
Posts: 317
Joined: Mon May 04, 2009 12:08 am

MFSA 2018-10 & Waterfox

Post by kukla »

WF just got the 56.1, two weeks to the day that Mozilla released patches for 59 and esr. But as soon as it was released, yesterday I believe, Mozilla released new patches for the Quantum and esr versions, 59.0.3 and 52.7.3. Impact: High: https://www.mozilla.org/en-US/security/ ... sa2018-10/

I can't begin to understand what this security patch is about--way above my head--but, left unpatched, is this anything that NoScript can even begin to protect against?

https://www.mozilla.org/en-US/security/ ... sa2018-10/

Going forward, very concerned about the security of WF being provided by one very conscientious, but very overworked developer.
Last edited by barbaz on Tue Mar 27, 2018 8:31 pm, edited 1 time in total.
Reason: more descriptive title
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:52.0) Gecko/20100101 Firefox/52.0
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: MFSA 2018-10 & Waterfox

Post by barbaz »

https://github.com/MrAlex94/Waterfox/issues/493
kukla wrote: left unpatched, is this anything that NoScript can even begin to protect against?
I would think so. Even when a vuln can be triggered without active content, it generally isn't actually exploitable without active content.
*Always* check the changelogs BEFORE updating that important software!
-
kukla
Senior Member
Posts: 317
Joined: Mon May 04, 2009 12:08 am

Re: MFSA 2018-10 & Waterfox

Post by kukla »

A bit puzzled by the "more descriptive" title:

Methodist Federation for Social Action

Motley Fool Stock Advisor

Mesquite Fastpitch Softball Association (my first pick--makes the most sense :lol: )

Mozilla Foundation Security Advisory??? (last on my list, and wouldn't bet the ranch on that one.)

Thanks for you take on this. Guess we'll have to know more.

EDIT: Looks like you're on the right track with NS blocking WebGL: "Windows doesn't use OpenGL compositing by default, Linux/BSDs/Solaris are yet to enable, so this probably mainly affects Android/OSX . In the meantime, ESR52 got more secfixes."

https://github.com/MrAlex94/Waterfox/issues/493
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:52.0) Gecko/20100101 Firefox/52.0
Post Reply