Hello,
As in the title, does CVE-2023-5217 affect Pale Moon?
Have a nice weekend.
Piotr
Does CVE-2023-5217 affect Pale Moon?
Forum rules
Please keep everything here strictly on-topic.
This board is meant for Pale Moon source code development related subjects only like code snippets, patches, specific bugs, git, the repositories, etc.
This is not for tech support! Please do not post tech support questions in the "Development" board!
Please make sure not to use this board for support questions. Please post issues with specific websites, extensions, etc. in the relevant boards for those topics.
Please keep things on-topic as this forum will be used for reference for Pale Moon development. Expect topics that aren't relevant as such to be moved or deleted.
Please keep everything here strictly on-topic.
This board is meant for Pale Moon source code development related subjects only like code snippets, patches, specific bugs, git, the repositories, etc.
This is not for tech support! Please do not post tech support questions in the "Development" board!
Please make sure not to use this board for support questions. Please post issues with specific websites, extensions, etc. in the relevant boards for those topics.
Please keep things on-topic as this forum will be used for reference for Pale Moon development. Expect topics that aren't relevant as such to be moved or deleted.
-
Piotr Kostrzewski
- Lunatic
- Posts: 309
- Joined: 2018-08-14, 15:08
-
Potkeny
- Fanatic
- Posts: 163
- Joined: 2018-08-03, 17:00
Re: Does CVE-2023-5217 affect Pale Moon?
That sounds similar to viewtopic.php?f=5&t=30284&p=243495 .. huh
-
Moonchild
- Project founder
- Posts: 39279
- Joined: 2011-08-28, 17:27
- Location: Sweden
Re: Does CVE-2023-5217 affect Pale Moon?
It does not. bugs in the encoder won't affect Pale Moon as Pale Moon does not use camera access or in-browser encode video otherwise.
I'll still adopt it as a defense-in-depth for 32.4.1 for completeness (and since other applications on UXP may be affected)
"Praise from a narcissistic person is always a poison dart. They don't share the stage, so discernment matters." - Dr. Ramani
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
-
Piotr Kostrzewski
- Lunatic
- Posts: 309
- Joined: 2018-08-14, 15:08
Re: Does CVE-2023-5217 affect Pale Moon?
Thank you very much.
Have a nice weekend.
-
Moonchild
- Project founder
- Posts: 39279
- Joined: 2011-08-28, 17:27
- Location: Sweden
Re: Does CVE-2023-5217 affect Pale Moon?
Actually I got confused for a moment there.
No this isn't the same. That one is for WebP and decoding of images. This is for VP8 video encoding.
Same lib vendor (Google) but different bugs.
"Praise from a narcissistic person is always a poison dart. They don't share the stage, so discernment matters." - Dr. Ramani
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
-
Potkeny
- Fanatic
- Posts: 163
- Joined: 2018-08-03, 17:00
-
jobbautista9
- Board Warrior
- Posts: 1193
- Joined: 2020-11-03, 06:47
- Location: Philippines
Re: Does CVE-2023-5217 affect Pale Moon?
Off-topic:
Also doesn't help that WebP uses VP8 for its compression, I was confused as well when this vulnerability in libvpx came out
Also doesn't help that WebP uses VP8 for its compression, I was confused as well when this vulnerability in libvpx came out
Tired of creating stuff!
Avatar artwork by Shinki669: https://www.pixiv.net/artworks/113645617
XUL add-ons developer. You can find a list of add-ons I manage at http://rw.rs/~job/software.html.