Hello,
Do CVE-2024-29943 (Out-of-bounds access via Range Analysis bypass)
CVE-2024-29944 Privileged JavaScript Execution via Event Handlers affect Pale Moon?
They have been patched in Firefox 124.0.1.
Have a nice day and Happy Easter.
Do CVE-2024-29943 and CVE-2024-29944 affect Pale Moon?
Forum rules
Please keep everything here strictly on-topic.
This board is meant for Pale Moon source code development related subjects only like code snippets, patches, specific bugs, git, the repositories, etc.
This is not for tech support! Please do not post tech support questions in the "Development" board!
Please make sure not to use this board for support questions. Please post issues with specific websites, extensions, etc. in the relevant boards for those topics.
Please keep things on-topic as this forum will be used for reference for Pale Moon development. Expect topics that aren't relevant as such to be moved or deleted.
Please keep everything here strictly on-topic.
This board is meant for Pale Moon source code development related subjects only like code snippets, patches, specific bugs, git, the repositories, etc.
This is not for tech support! Please do not post tech support questions in the "Development" board!
Please make sure not to use this board for support questions. Please post issues with specific websites, extensions, etc. in the relevant boards for those topics.
Please keep things on-topic as this forum will be used for reference for Pale Moon development. Expect topics that aren't relevant as such to be moved or deleted.
-
Piotr Kostrzewski
- Lunatic
- Posts: 280
- Joined: 2018-08-14, 15:08
-
Moonchild
- Pale Moon guru
- Posts: 35650
- Joined: 2011-08-28, 17:27
- Location: Motala, SE
Re: Do CVE-2024-29943 and CVE-2024-29944 affect Pale Moon?
Neither affects UXP or Pale Moon.
The first is in an arbitrary function we don't have.
The second is another electrolysis security issue (hint: whenever you see a mention of a parent process or content process, it's very unlikely to affect us)
The first is in an arbitrary function we don't have.
The second is another electrolysis security issue (hint: whenever you see a mention of a parent process or content process, it's very unlikely to affect us)
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
-
Piotr Kostrzewski
- Lunatic
- Posts: 280
- Joined: 2018-08-14, 15:08
Re: Do CVE-2024-29943 and CVE-2024-29944 affect Pale Moon?
Thank you very much.
Have a nice weekend and Happy Easter.
Have a nice weekend and Happy Easter.
-
Piotr Kostrzewski
- Lunatic
- Posts: 280
- Joined: 2018-08-14, 15:08
Re: Do CVE-2024-29943 and CVE-2024-29944 affect Pale Moon?
Ps.How to recognize parent/content process?
-
Moonchild
- Pale Moon guru
- Posts: 35650
- Joined: 2011-08-28, 17:27
- Location: Motala, SE
Re: Do CVE-2024-29943 and CVE-2024-29944 affect Pale Moon?
Read the MFSA
https://www.mozilla.org/en-US/security/ ... sa2024-15/
it's literally mentioned in the CVE description
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
-
Piotr Kostrzewski
- Lunatic
- Posts: 280
- Joined: 2018-08-14, 15:08
Re: Do CVE-2024-29943 and CVE-2024-29944 affect Pale Moon?
Thank youMoonchild wrote: ↑2024-03-29, 12:52
Read the MFSA
https://www.mozilla.org/en-US/security/ ... sa2024-15/
it's literally mentioned in the CVE description