MFSA 2018-10 & Waterfox

[kukla]

WF just got the 56.1, two weeks to the day that Mozilla released patches for 59 and esr. But as soon as it was released, yesterday I believe, Mozilla released new patches for the Quantum and esr versions, 59.0.3 and 52.7.3. Impact: High: https://www.mozilla.org/en-US/security/ ... sa2018-10/

I can't begin to understand what this security patch is about--way above my head--but, left unpatched, is this anything that NoScript can even begin to protect against?

https://www.mozilla.org/en-US/security/ ... sa2018-10/

Going forward, very concerned about the security of WF being provided by one very conscientious, but very overworked developer.

[barbaz]

https://github.com/MrAlex94/Waterfox/issues/493

left unpatched, is this anything that NoScript can even begin to protect against?

I would think so. Even when a vuln can be triggered without active content, it generally isn't actually exploitable without active content.

[kukla]

A bit puzzled by the "more descriptive" title:

Methodist Federation for Social Action

Motley Fool Stock Advisor

Mesquite Fastpitch Softball Association (my first pick--makes the most sense )

Mozilla Foundation Security Advisory??? (last on my list, and wouldn't bet the ranch on that one.)

Thanks for you take on this. Guess we'll have to know more.

EDIT: Looks like you're on the right track with NS blocking WebGL: "Windows doesn't use OpenGL compositing by default, Linux/BSDs/Solaris are yet to enable, so this probably mainly affects Android/OSX . In the meantime, ESR52 got more secfixes."

https://github.com/MrAlex94/Waterfox/issues/493