packages/firefox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CVE-2022-1802

Browse Source
This commit is contained in:
lvfei 2024-03-21 14:53:52 +08:00
parent 64e230a6ae
commit 1d62b6fdcc
2 changed files with 53 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
CVE-2022-1802.patch Normal file
View File

@ -0,0 +1,47 @@
From d7ee6342bf9a63dc47fd28567008c44cd6e44bad Mon Sep 17 00:00:00 2001
From: Peter Van der Beken <peterv@propagandism.org>
Date: Thu, 19 May 2022 14:31:53 +0000 (22 months ago)
Subject: [PATCH] CVE-2022-1802
---
dom/notification/old/NotificationDB.jsm | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/dom/notification/old/NotificationDB.jsm b/dom/notification/old/NotificationDB.jsm
index e950404f50..06c4d40680 100644
--- a/dom/notification/old/NotificationDB.jsm
+++ b/dom/notification/old/NotificationDB.jsm
@@ -40,8 +40,8 @@ var NotificationDB = {
return;
}
- this.notifications = {};
- this.byTag = {};
+ this.notifications = Object.create(null);
+ this.byTag = Object.create(null);
this.loaded = false;
this.tasks = []; // read/write operation queue
@@ -111,7 +111,7 @@ var NotificationDB = {
// populate the list of notifications by tag
if (this.notifications) {
for (var origin in this.notifications) {
- this.byTag[origin] = {};
+ this.byTag[origin] = Object.create(null);
for (var id in this.notifications[origin]) {
var curNotification = this.notifications[origin][id];
if (curNotification.tag) {
@@ -344,8 +344,8 @@ var NotificationDB = {
var origin = data.origin;
var notification = data.notification;
if (!this.notifications[origin]) {
- this.notifications[origin] = {};
- this.byTag[origin] = {};
+ this.notifications[origin] = Object.create(null);
+ this.byTag[origin] = Object.create(null);
}
// We might have existing notification with this tag,
--
2.27.0

7
firefox.spec
View File

@ -88,7 +88,7 @@
Summary: Mozilla Firefox Web browser Summary: Mozilla Firefox Web browser
Name: firefox Name: firefox
Version: 79.0 Version: 79.0
Release: 16 Release: 17
URL: https://www.mozilla.org/firefox/ URL: https://www.mozilla.org/firefox/
License: MPLv1.1 or GPLv2+ or LGPLv2+ License: MPLv1.1 or GPLv2+ or LGPLv2+
Source0: https://archive.mozilla.org/pub/firefox/releases/%{version}/source/firefox-%{version}.source.tar.xz Source0: https://archive.mozilla.org/pub/firefox/releases/%{version}/source/firefox-%{version}.source.tar.xz
@ -195,6 +195,7 @@ Patch651: CVE-2023-4863-2.patch
Patch652: CVE-2023-5217.patch Patch652: CVE-2023-5217.patch
Patch653: CVE-2023-7104.patch Patch653: CVE-2023-7104.patch
Patch654: CVE-2022-22755.patch Patch654: CVE-2022-22755.patch
Patch655: CVE-2022-1802.patch
@ -386,6 +387,7 @@ tar -xf %{SOURCE3}
%patch652 -p1 %patch652 -p1
%patch653 -p1 %patch653 -p1
%patch654 -p1 %patch654 -p1
%patch655 -p1
%{__rm} -f .mozconfig %{__rm} -f .mozconfig
@ -835,6 +837,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
%endif %endif
%changelog %changelog
* Thu Mar 21 2024 lvfei <lvfei@kylinos.cn> - 79.0-7-17
- Fix CVE-2022-1802
* Mon Mar 04 2024 lvfei <lvfei@kylinos.cn> - 79.0-16 * Mon Mar 04 2024 lvfei <lvfei@kylinos.cn> - 79.0-16
- fix CVE-2022-22755 - fix CVE-2022-22755