As I was browsing through UXP-related repositories, I stumbled upon this PR on GitHub, which was published nearly a year ago in a severely outdated repository from former contributor "janekptacijarabaci". "TrellixVulnTeam" proposed a patch for CVE-2007-4559 in it. I was curious whether this was addressed in the main repository on this page and saw that the concerned file was not edited since the beginning of the hard fork of Firefox 52 ESR. As I am not familiar with the codebase of PM, I would like to ask if this issue is relevant.
The link to the concerned PR is: https://github.com/janekptacijarabaci/UXP/pull/1
A kind reminder we would like all registered users to weigh in on one of our forum's security policies.
Please take a moment to read this thread and place a vote.
https://forum.palemoon.org/viewtopic.php?f=17&t=32935
Please take a moment to read this thread and place a vote.
https://forum.palemoon.org/viewtopic.php?f=17&t=32935
A relevant security-related bug?
Moderators: trava90, athenian200
-
Moonchild
- Pale Moon guru
- Posts: 38503
- Joined: 2011-08-28, 17:27
- Location: Sweden
Re: A relevant security-related bug?
Completely irrelevant. It relates to a python implementation of a docker framework for taskcluster scripting. This code is for internal automation by Mozilla only, is not exercised by us, and even if it was, it would never be exposed to foreign code (it would require a maliciously crafted .tar to be exploitable) and is in no way relevant or included in our compiled products.
"There is no point in arguing with an idiot, because then you're both idiots." - Anonymous
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite