Page 1 of 1

Firefox 0 day

Posted: Wed Nov 30, 2016 6:16 pm
by DraconPern
There is a active 0 day for Firefox. Currently working on getting packages out as soon as possible.

Re: Firefox 0 day

Posted: Thu Dec 01, 2016 7:56 am
by evilsurfincow
Much appreciated. Saw the 45.5.1 was out quickly which addresses https://www.mozilla.org/en-US/security/ ... sa2016-91/. Next one (45.5.2?) should address https://www.mozilla.org/en-US/security/ ... sa2016-92/?


Thanks

Re: Firefox 0 day

Posted: Thu Dec 08, 2016 11:25 am
by evilsurfincow
Any guess when Mozilla Foundation Security Advisory 2016-92 will be fixed? (or does 45.5.1 address it?)

Re: Firefox 0 day

Posted: Mon Dec 12, 2016 4:06 pm
by MonkeyBoy
The 50.0.1 vulnerability was introduced in 49, which is why 45 didn't need an update to fix it.

45 did include the 50.0.2 vulnerability, which is why 45.5.1 was released. So 50.0.2 and 45.5.1 both fix the same vulnerability and there won't be a 45.5.2 unless another vulnerability is uncovered before 45.6.0 comes out.

You can look at the release notes for 50.0.1 and see that the vulnerability only applies to versions 49 and 50.