Security warning: use-after-free issue in expat

Talk about code development, features, specific bugs, enhancements, patches, and similar things.
Forum rules
Please keep everything here strictly on-topic.
This board is meant for Pale Moon source code development related subjects only like code snippets, patches, specific bugs, git, the repositories, etc.

This is not for tech support! Please do not post tech support questions in the "Development" board!
Please make sure not to use this board for support questions. Please post issues with specific websites, extensions, etc. in the relevant boards for those topics.

Please keep things on-topic as this forum will be used for reference for Pale Moon development. Expect topics that aren't relevant as such to be moved or deleted.
User avatar
LigH1L
Fanatic
Fanatic
Posts: 116
Joined: 2013-02-22, 19:08
Location: rural central Germany

Security warning: use-after-free issue in expat

Unread post by LigH1L » 2022-09-28, 08:43

libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c

Just in case you ever derived your code from it...

via Fefes Blog
Fun and success!

User avatar
jobbautista9
Astronaut
Astronaut
Posts: 577
Joined: 2020-11-03, 06:47
Location: Philippines
Contact:

Re: Security warning: use-after-free issue in expat

Unread post by jobbautista9 » 2022-09-28, 12:16

Mozilla is tracking this in bug #1791598, fyi.
Mima greets you padoru padoru!

Developer of Ambassador in Window Menu, BrowserTickTock, CacheSwitch, Chrome Navigator, Cite4Wiki, Clickity Touch 'n Push, ColorPili, EditDatContent, EditDatTitle, Esrever, Go Menu, User Agent Status, Website Navigation Bar, and Yet Another about:config Helper.

My PGP public key (My copy on rw.rs)

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 33007
Joined: 2011-08-28, 17:27
Location: Tranås, SE
Contact:

Re: Security warning: use-after-free issue in expat

Unread post by Moonchild » 2022-09-28, 13:11

"The best revenge is to not be like the person who wronged you." -- Marcus Aurelius
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb

Post Reply