搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

Learn More

I was informed, that v84.0.2 had a critical security flaw, but cannot find, a more-recent update .

  • 4 回覆
  • 1 有這個問題
  • 13 次檢視
  • 最近回覆由 rsblanchard

more options

I was informed, that v84.0.2 had a critical security flaw, but cannot find, a more-recent update -- What happened ?

被選擇的解決方法

I think it's worded in a confusing way:

The update from Mozilla specifically fixes a loophole in Firefox 84.0.2, Firefox for Android 84.1.3 and Firefox ESR 78.6.1. In a blog post, Mozilla explained, “A malicious peer could have modified a COOKIE-ECHO chunk in a SCTP packet in a way that potentially resulted in a use-after-free. We presume that with enough effort it could have been exploited to run arbitrary code.” https://www.komando.com/security-privacy/browser-security-patches/773973/

COOKIE-ECHO is the bug that was fixed earlier this month in Firefox 84.0.2. Meaning, the fix for the bug was in Firefox 84.0.2, not that the bug was in Firefox 84.0.2. Mozilla wouldn't release a security bulletin for a bug that isn't fixed yet. https://www.mozilla.org/security/advisories/mfsa2021-01/

從原來的回覆中察看解決方案 👍 0

所有回覆 (4)

more options

Where did you read that?

Firefox 84.0.2 fixed this problem: https://www.mozilla.org/security/advisories/mfsa2021-01/

有幫助嗎?

more options

I was informed by a Kim Komando e-mail, that v84.0.2 HAD a security-problem, for which there was an update .

NOT, ,that it had SOLVED a security-problem .

有幫助嗎?

more options

選擇的解決方法

I think it's worded in a confusing way:

The update from Mozilla specifically fixes a loophole in Firefox 84.0.2, Firefox for Android 84.1.3 and Firefox ESR 78.6.1. In a blog post, Mozilla explained, “A malicious peer could have modified a COOKIE-ECHO chunk in a SCTP packet in a way that potentially resulted in a use-after-free. We presume that with enough effort it could have been exploited to run arbitrary code.” https://www.komando.com/security-privacy/browser-security-patches/773973/

COOKIE-ECHO is the bug that was fixed earlier this month in Firefox 84.0.2. Meaning, the fix for the bug was in Firefox 84.0.2, not that the bug was in Firefox 84.0.2. Mozilla wouldn't release a security bulletin for a bug that isn't fixed yet. https://www.mozilla.org/security/advisories/mfsa2021-01/

由 jscher2000 於 修改

有幫助嗎?

more options

"The update from Mozilla specifically fixes a loophole in Firefox 84.0.2" -- so, I read this, as "there was a loophole, in Firefox v84.0.2", but, apparently, it was meant, that there was a loophole, in the prior-version .

有幫助嗎?

問個問題

如果您還沒有帳號,您必須先 登入您的帳號 來回覆文章。請 開始一個新問題