Manfred Hollstein
78e8532cd1
* Fixed: Various security fixes. - Mozilla Firefox ESR 140.1.0 https://www.mozilla.org/security/advisories/mfsa2025-59 MFSA 2025-59 (boo#1246664) * CVE-2025-8027 (bmo#1968423) JavaScript engine only wrote partial return value to stack * CVE-2025-8028 (bmo#1971581) Large branch table could lead to truncated instruction * CVE-2025-8029 (bmo#1928021) javascript: URLs executed on object and embed tags * CVE-2025-8036 (bmo#1960834) DNS rebinding circumvents CORS * CVE-2025-8037 (bmo#1964767) Nameless cookies shadow secure cookies * CVE-2025-8030 (bmo#1968414) Potential user-assisted code execution in “Copy as cURL” command * CVE-2025-8031 (bmo#1971719) Incorrect URL stripping in CSP reports * CVE-2025-8032 (bmo#1974407) XSLT documents could bypass CSP * CVE-2025-8038 (bmo#1808979) CSP frame-src was not correctly enforced for paths * CVE-2025-8039 (bmo#1970997) Search terms persisted in URL bar * CVE-2025-8033 (bmo#1973990) Incorrect JavaScript state machine for generators * CVE-2025-8034 (bmo#1970422, bmo#1970422, bmo#1970422, bmo#1970422) Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 * CVE-2025-8040 (bmo#1975058, bmo#1975058, bmo#1975998, bmo#1975998) Memory safety bugs fixed in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 * CVE-2025-8035 (bmo#1975961, bmo#1975961, bmo#1975961) Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=63
29 lines
1.1 KiB
Diff
29 lines
1.1 KiB
Diff
# HG changeset patch
|
|
# User Petr Cerny <pcerny@novell.com>
|
|
# Parent 7308e4a7c1f769f4bbbc90870b849cadd99495a6
|
|
# Parent 3399aced682c232525633755ff79b37a0be75548
|
|
Bug 634334 - call to the ntlm_auth helper fails
|
|
|
|
diff --git a/extensions/auth/nsAuthSambaNTLM.cpp b/extensions/auth/nsAuthSambaNTLM.cpp
|
|
--- a/extensions/auth/nsAuthSambaNTLM.cpp
|
|
+++ b/extensions/auth/nsAuthSambaNTLM.cpp
|
|
@@ -148,17 +148,17 @@ nsresult nsAuthSambaNTLM::SpawnNTLMAuthH
|
|
}
|
|
|
|
base::LaunchOptions options;
|
|
options.fds_to_remap.push_back(
|
|
std::pair{toChildPipeRead.get(), STDIN_FILENO});
|
|
options.fds_to_remap.push_back(
|
|
std::pair{fromChildPipeWrite.get(), STDOUT_FILENO});
|
|
|
|
- std::vector<std::string> argvVec{"ntlm_auth", "--helper-protocol",
|
|
+ std::vector<std::string> argvVec{"/usr/bin/ntlm_auth", "--helper-protocol",
|
|
"ntlmssp-client-1", "--use-cached-creds",
|
|
"--username", username};
|
|
|
|
auto result = base::LaunchApp(argvVec, std::move(options), &mChildPID);
|
|
if (result.isErr()) {
|
|
return NS_ERROR_FAILURE;
|
|
}
|
|
|