Backport ESR 102.5 security fixes to 91.13-based Tor Browser

Advisories: https://www.mozilla.org/en-US/security/advisories/mfsa2022-48/

CVE-2022-45403: Service Workers might have learned size of cross-origin media files

https://bugzilla.mozilla.org/show_bug.cgi?id=1762078

CVE-2022-45404: Fullscreen notification bypass

https://bugzilla.mozilla.org/show_bug.cgi?id=1790815

CVE-2022-45405: Use-after-free in InputStream implementation

https://bugzilla.mozilla.org/show_bug.cgi?id=1791314

CVE-2022-45406: Use-after-free of a JavaScript Realm

https://bugzilla.mozilla.org/show_bug.cgi?id=1791975

CVE-2022-45408: Fullscreen notification bypass via windowName

https://bugzilla.mozilla.org/show_bug.cgi?id=1793829

CVE-2022-45409: Use-after-free in Garbage Collection

https://bugzilla.mozilla.org/show_bug.cgi?id=1796901

CVE-2022-45410: ServiceWorker-intercepted requests bypassed SameSite cookie policy

https://bugzilla.mozilla.org/show_bug.cgi?id=1658869

CVE-2022-45411: Cross-Site Tracing was possible via non-standard override headers

https://bugzilla.mozilla.org/show_bug.cgi?id=1790311

CVE-2022-45412: Symlinks may resolve to partially uninitialized buffers

https://bugzilla.mozilla.org/show_bug.cgi?id=1791029

CVE-2022-45416: Keystroke Side-Channel Leakage

https://bugzilla.mozilla.org/show_bug.cgi?id=1793676

CVE-2022-45418: Custom mouse cursor could have been drawn over browser UI

https://bugzilla.mozilla.org/show_bug.cgi?id=1795815
- too much code churn over the past 1.5 years to apply

CVE-2022-45420: Iframe contents could be rendered outside the iframe

https://bugzilla.mozilla.org/show_bug.cgi?id=1792643

CVE-2022-45421: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5

https://bugzilla.mozilla.org/show_bug.cgi?id=1794061
- too much code churn to apply
https://bugzilla.mozilla.org/show_bug.cgi?id=1767920
https://bugzilla.mozilla.org/show_bug.cgi?id=1789808

Edited Nov 16, 2022 by morgan

Assignee Loading

Time tracking Loading