Поиск в Поддержке

Избегайте мошенников, выдающих себя за службу поддержки. Мы никогда не попросим вас позвонить, отправить текстовое сообщение или поделиться личной информацией. Сообщайте о подозрительной активности, используя функцию «Пожаловаться».

Learn More

I was informed, that v84.0.2 had a critical security flaw, but cannot find, a more-recent update .

  • 4 ответа
  • 1 имеет эту проблему
  • 13 просмотров
  • Последний ответ от rsblanchard

more options

I was informed, that v84.0.2 had a critical security flaw, but cannot find, a more-recent update -- What happened ?

Выбранное решение

I think it's worded in a confusing way:

The update from Mozilla specifically fixes a loophole in Firefox 84.0.2, Firefox for Android 84.1.3 and Firefox ESR 78.6.1. In a blog post, Mozilla explained, “A malicious peer could have modified a COOKIE-ECHO chunk in a SCTP packet in a way that potentially resulted in a use-after-free. We presume that with enough effort it could have been exploited to run arbitrary code.” https://www.komando.com/security-privacy/browser-security-patches/773973/

COOKIE-ECHO is the bug that was fixed earlier this month in Firefox 84.0.2. Meaning, the fix for the bug was in Firefox 84.0.2, not that the bug was in Firefox 84.0.2. Mozilla wouldn't release a security bulletin for a bug that isn't fixed yet. https://www.mozilla.org/security/advisories/mfsa2021-01/

Прочитайте этот ответ в контексте 👍 0

Все ответы (4)

more options

Where did you read that?

Firefox 84.0.2 fixed this problem: https://www.mozilla.org/security/advisories/mfsa2021-01/

Полезно?

more options

I was informed by a Kim Komando e-mail, that v84.0.2 HAD a security-problem, for which there was an update .

NOT, ,that it had SOLVED a security-problem .

Полезно?

more options

Выбранное решение

I think it's worded in a confusing way:

The update from Mozilla specifically fixes a loophole in Firefox 84.0.2, Firefox for Android 84.1.3 and Firefox ESR 78.6.1. In a blog post, Mozilla explained, “A malicious peer could have modified a COOKIE-ECHO chunk in a SCTP packet in a way that potentially resulted in a use-after-free. We presume that with enough effort it could have been exploited to run arbitrary code.” https://www.komando.com/security-privacy/browser-security-patches/773973/

COOKIE-ECHO is the bug that was fixed earlier this month in Firefox 84.0.2. Meaning, the fix for the bug was in Firefox 84.0.2, not that the bug was in Firefox 84.0.2. Mozilla wouldn't release a security bulletin for a bug that isn't fixed yet. https://www.mozilla.org/security/advisories/mfsa2021-01/

Изменено jscher2000

Полезно?

more options

"The update from Mozilla specifically fixes a loophole in Firefox 84.0.2" -- so, I read this, as "there was a loophole, in Firefox v84.0.2", but, apparently, it was meant, that there was a loophole, in the prior-version .

Полезно?

Задать вопрос

Для ответа на сообщения вы должны войти в свою учётную запись. Пожалуйста, задайте новый вопрос, если у вас ещё нет учётной записи.