Mozilla Foundation reports a/o 2017-04-19:
You may need to click to expand for discovering the full beauty of this list
http://www.vuxml.org/freebsd/5e0a038a-ca30-416d-a2f5-38cbf5e7df33.html said:
CVE-2017-5433: Use-after-free in SMIL animation functions
CVE-2017-5435: Use-after-free during transaction processing in the editor
CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2
CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS
CVE-2017-5459: Buffer overflow in WebGL
CVE-2017-5466: Origin confusion when reloading isolated data:text/html URL
CVE-2017-5434: Use-after-free during focus handling
CVE-2017-5432: Use-after-free in text input selection
CVE-2017-5460: Use-after-free in frame selection
CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing
CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing
CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing
CVE-2017-5441: Use-after-free with selection during scroll events
CVE-2017-5442: Use-after-free during style changes
CVE-2017-5464: Memory corruption with accessibility and DOM manipulation
CVE-2017-5443: Out-of-bounds write during BinHex decoding
CVE-2017-5444: Buffer overflow while parsing application/http-index-format content
CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data
CVE-2017-5447: Out-of-bounds read during glyph processing
CVE-2017-5465: Out-of-bounds read in ConvolvePixel
CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor
CVE-2017-5437: Vulnerabilities in Libevent library
CVE-2017-5454: Sandbox escape allowing file system read access through file picker
CVE-2017-5455: Sandbox escape through internal feed reader APIs
CVE-2017-5456: Sandbox escape allowing local file system access
CVE-2017-5469: Potential Buffer overflow in flex-generated code
CVE-2017-5445: Uninitialized values used while parsing application/http-index-format content
CVE-2017-5449: Crash during bidirectional unicode manipulation with animation
CVE-2017-5450: Addressbar spoofing using javascript: URI on Firefox for Android
CVE-2017-5451: Addressbar spoofing with onblur event
CVE-2017-5462: DRBG flaw in NSS
CVE-2017-5463: Addressbar spoofing through reader view on Firefox for Android
CVE-2017-5467: Memory corruption when drawing Skia content
CVE-2017-5452: Addressbar spoofing during scrolling with editable content on Firefox for Android
CVE-2017-5453: HTML injection into RSS Reader feed preview page through TITLE element
CVE-2017-5458: Drag and drop of javascript: URLs can allow for self-XSS
CVE-2017-5468: Incorrect ownership model for Private Browsing information
CVE-2017-5430: Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1
CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1
Well, they discovered the bugs. And they fixed the bugs. Aren't they the heroes of coders?
But .... wait a moment ...
Doesn't this mean that we all did run bogus software without knowing anything about it?
Next line suitable for most readers:
Some bugs might have existed before the publication of the bug report.
Skip next line as reading might hurt those suffering from anxiety and/or paranoia and the like:
Obviously the bugs existed before the publication of the bug report, and some of them existed a long time before, and some were exploited by third parties.
The true advantage of the patching game is that you can have a deep sleep, enjoying sweet dreams of having installed secure software. This game is broken by design.
Firefox here is only the example of the day, while such is true for all huge software products, which is true for all bloated browsers. So keep your flames starting browser wars here.
Shouldn't a disclaimer like this be popped up after each update:
Our product is known to the public for being secure and safe to use. We do work hard to erase these rumors. After updating/upgrading you are running the patched software with all the bugs we might fix on the next patchday, including those we will not fix. Furthermore, with updates/upgrades you receive our latest bugs, which we might fix some day or never.