forked from pool/MozillaFirefox
a9628fa6ae
* https://www.mozilla.org/en-US/firefox/74.0/releasenotes/ MFSA 2020-08 (bsc#1166238) * CVE-2020-6805 (bmo#1610880) Use-after-free when removing data about origins * CVE-2020-6806 (bmo#1612308) BodyStream::OnInputStreamReady was missing protections against state confusion * CVE-2020-6807 (bmo#1614971) Use-after-free in cubeb during stream destruction * CVE-2020-6808 (bmo#1247968) URL Spoofing via javascript: URL * CVE-2020-6809 (bmo#1420296) Web Extensions with the all-urls permission could access local files * CVE-2020-6810 (bmo#1432856) Focusing a popup while in fullscreen could have obscured the fullscreen notification * CVE-2020-6811 (bmo#1607742) Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection * CVE-2019-20503 (bmo#1613765) Out of bounds reads in sctp_load_addresses_from_init * CVE-2020-6812 (bmo#1616661) The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission * CVE-2020-6813 (bmo#1605814) @import statements in CSS could bypass the Content Security Policy nonce feature * CVE-2020-6814 (bmo#1592078,bmo#1604847,bmo#1608256,bmo#1612636, OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=809
29 lines
1.1 KiB
Diff
29 lines
1.1 KiB
Diff
# HG changeset patch
|
|
# User Petr Cerny <pcerny@novell.com>
|
|
# Parent 7308e4a7c1f769f4bbbc90870b849cadd99495a6
|
|
# Parent 2361c5db1e70e358b2158325e07fa15bb4569c2c
|
|
Bug 634334 - call to the ntlm_auth helper fails
|
|
|
|
diff --git a/extensions/auth/nsAuthSambaNTLM.cpp b/extensions/auth/nsAuthSambaNTLM.cpp
|
|
--- a/extensions/auth/nsAuthSambaNTLM.cpp
|
|
+++ b/extensions/auth/nsAuthSambaNTLM.cpp
|
|
@@ -156,17 +156,17 @@ static uint8_t* ExtractMessage(const nsA
|
|
*aLen = (length / 4) * 3 - numEquals;
|
|
return reinterpret_cast<uint8_t*>(PL_Base64Decode(s, length, nullptr));
|
|
}
|
|
|
|
nsresult nsAuthSambaNTLM::SpawnNTLMAuthHelper() {
|
|
const char* username = PR_GetEnv("USER");
|
|
if (!username) return NS_ERROR_FAILURE;
|
|
|
|
- const char* const args[] = {"ntlm_auth",
|
|
+ const char* const args[] = {"/usr/bin/ntlm_auth",
|
|
"--helper-protocol",
|
|
"ntlmssp-client-1",
|
|
"--use-cached-creds",
|
|
"--username",
|
|
username,
|
|
nullptr};
|
|
|
|
bool isOK = SpawnIOChild(const_cast<char* const*>(args), &mChildPID,
|