WF just got the 56.1, two weeks to the day that Mozilla released patches for 59 and esr. But as soon as it was released, yesterday I believe, Mozilla released new patches for the Quantum and esr versions, 59.0.3 and 52.7.3. Impact: High: https://www.mozilla.org/en-US/security/ ... sa2018-10/
I can't begin to understand what this security patch is about--way above my head--but, left unpatched, is this anything that NoScript can even begin to protect against?
https://www.mozilla.org/en-US/security/ ... sa2018-10/
Going forward, very concerned about the security of WF being provided by one very conscientious, but very overworked developer.
MFSA 2018-10 & Waterfox
MFSA 2018-10 & Waterfox
Last edited by barbaz on Tue Mar 27, 2018 8:31 pm, edited 1 time in total.
Reason: more descriptive title
Reason: more descriptive title
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:52.0) Gecko/20100101 Firefox/52.0
Re: MFSA 2018-10 & Waterfox
https://github.com/MrAlex94/Waterfox/issues/493
I would think so. Even when a vuln can be triggered without active content, it generally isn't actually exploitable without active content.kukla wrote: left unpatched, is this anything that NoScript can even begin to protect against?
*Always* check the changelogs BEFORE updating that important software!
-
Re: MFSA 2018-10 & Waterfox
A bit puzzled by the "more descriptive" title:
Methodist Federation for Social Action
Motley Fool Stock Advisor
Mesquite Fastpitch Softball Association (my first pick--makes the most sense )
Mozilla Foundation Security Advisory??? (last on my list, and wouldn't bet the ranch on that one.)
Thanks for you take on this. Guess we'll have to know more.
EDIT: Looks like you're on the right track with NS blocking WebGL: "Windows doesn't use OpenGL compositing by default, Linux/BSDs/Solaris are yet to enable, so this probably mainly affects Android/OSX . In the meantime, ESR52 got more secfixes."
https://github.com/MrAlex94/Waterfox/issues/493
Methodist Federation for Social Action
Motley Fool Stock Advisor
Mesquite Fastpitch Softball Association (my first pick--makes the most sense )
Mozilla Foundation Security Advisory??? (last on my list, and wouldn't bet the ranch on that one.)
Thanks for you take on this. Guess we'll have to know more.
EDIT: Looks like you're on the right track with NS blocking WebGL: "Windows doesn't use OpenGL compositing by default, Linux/BSDs/Solaris are yet to enable, so this probably mainly affects Android/OSX . In the meantime, ESR52 got more secfixes."
https://github.com/MrAlex94/Waterfox/issues/493
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:52.0) Gecko/20100101 Firefox/52.0