
I was informed that v84.0.2 had a critical security flaw, but cannot find a more recent update.

  • Last reply by rsblanchard


I was informed that v84.0.2 had a critical security flaw, but cannot find a more recent update -- What happened?


All Replies (4)


Where did you read that?

Firefox 84.0.2 fixed this problem: https://www.mozilla.org/security/advisories/mfsa2021-01/


I was informed by a Kim Komando e-mail that v84.0.2 HAD a security problem, for which there was an update.

NOT that it had SOLVED a security problem.


Chosen Solution

I think it's worded in a confusing way:

The update from Mozilla specifically fixes a loophole in Firefox 84.0.2, Firefox for Android 84.1.3 and Firefox ESR 78.6.1. In a blog post, Mozilla explained, “A malicious peer could have modified a COOKIE-ECHO chunk in a SCTP packet in a way that potentially resulted in a use-after-free. We presume that with enough effort it could have been exploited to run arbitrary code.” https://www.komando.com/security-privacy/browser-security-patches/773973/

COOKIE-ECHO is the bug that was fixed earlier this month in Firefox 84.0.2. Meaning, the fix for the bug was in Firefox 84.0.2, not that the bug was in Firefox 84.0.2. Mozilla wouldn't release a security bulletin for a bug that isn't fixed yet. https://www.mozilla.org/security/advisories/mfsa2021-01/

Modified by jscher2000


"The update from Mozilla specifically fixes a loophole in Firefox 84.0.2" -- so, I read this as "there was a loophole in Firefox v84.0.2", but, apparently, it was meant that there was a loophole in the prior version.
