I was informed, that v84.0.2 had a critical security flaw, but cannot find, a more-recent update .
I was informed, that v84.0.2 had a critical security flaw, but cannot find, a more-recent update -- What happened ?
Chosen solution
I think it's worded in a confusing way:
The update from Mozilla specifically fixes a loophole in Firefox 84.0.2, Firefox for Android 84.1.3 and Firefox ESR 78.6.1. In a blog post, Mozilla explained, “A malicious peer could have modified a COOKIE-ECHO chunk in a SCTP packet in a way that potentially resulted in a use-after-free. We presume that with enough effort it could have been exploited to run arbitrary code.” https://www.komando.com/security-privacy/browser-security-patches/773973/
COOKIE-ECHO is the bug that was fixed earlier this month in Firefox 84.0.2. Meaning, the fix for the bug was in Firefox 84.0.2, not that the bug was in Firefox 84.0.2. Mozilla wouldn't release a security bulletin for a bug that isn't fixed yet. https://www.mozilla.org/security/advisories/mfsa2021-01/
Read this answer in context 👍 0All Replies (4)
Where did you read that?
Firefox 84.0.2 fixed this problem: https://www.mozilla.org/security/advisories/mfsa2021-01/
I was informed by a Kim Komando e-mail, that v84.0.2 HAD a security-problem, for which there was an update .
NOT, ,that it had SOLVED a security-problem .
Chosen Solution
I think it's worded in a confusing way:
The update from Mozilla specifically fixes a loophole in Firefox 84.0.2, Firefox for Android 84.1.3 and Firefox ESR 78.6.1. In a blog post, Mozilla explained, “A malicious peer could have modified a COOKIE-ECHO chunk in a SCTP packet in a way that potentially resulted in a use-after-free. We presume that with enough effort it could have been exploited to run arbitrary code.” https://www.komando.com/security-privacy/browser-security-patches/773973/
COOKIE-ECHO is the bug that was fixed earlier this month in Firefox 84.0.2. Meaning, the fix for the bug was in Firefox 84.0.2, not that the bug was in Firefox 84.0.2. Mozilla wouldn't release a security bulletin for a bug that isn't fixed yet. https://www.mozilla.org/security/advisories/mfsa2021-01/
Modified
"The update from Mozilla specifically fixes a loophole in Firefox 84.0.2" -- so, I read this, as "there was a loophole, in Firefox v84.0.2", but, apparently, it was meant, that there was a loophole, in the prior-version .