--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/path-objects/2d.path.stroke.scale2.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/path-objects/2d.path.stroke.scale2.html@@ -17,8 +17,8 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.fillStyle = '#f00'; ctx.fillRect(0, 0, 100, 50);@@ -38,15 +38,15 @@ ctx.strokeStyle = '#f00'; ctx.stroke(); ctx.restore();-_assertPixel(offscreenCanvas, 0,0, 0,255,0,255, "0,0", "0,255,0,255");-_assertPixel(offscreenCanvas, 50,0, 0,255,0,255, "50,0", "0,255,0,255");-_assertPixel(offscreenCanvas, 99,0, 0,255,0,255, "99,0", "0,255,0,255");-_assertPixel(offscreenCanvas, 0,25, 0,255,0,255, "0,25", "0,255,0,255");-_assertPixel(offscreenCanvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");-_assertPixel(offscreenCanvas, 99,25, 0,255,0,255, "99,25", "0,255,0,255");-_assertPixel(offscreenCanvas, 0,49, 0,255,0,255, "0,49", "0,255,0,255");-_assertPixel(offscreenCanvas, 50,49, 0,255,0,255, "50,49", "0,255,0,255");-_assertPixel(offscreenCanvas, 99,49, 0,255,0,255, "99,49", "0,255,0,255");+_assertPixel(canvas, 0,0, 0,255,0,255, "0,0", "0,255,0,255");+_assertPixel(canvas, 50,0, 0,255,0,255, "50,0", "0,255,0,255");+_assertPixel(canvas, 99,0, 0,255,0,255, "99,0", "0,255,0,255");+_assertPixel(canvas, 0,25, 0,255,0,255, "0,25", "0,255,0,255");+_assertPixel(canvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");+_assertPixel(canvas, 99,25, 0,255,0,255, "99,25", "0,255,0,255");+_assertPixel(canvas, 0,49, 0,255,0,255, "0,49", "0,255,0,255");+_assertPixel(canvas, 50,49, 0,255,0,255, "50,49", "0,255,0,255");+_assertPixel(canvas, 99,49, 0,255,0,255, "99,49", "0,255,0,255"); t.done(); });

After analyzing the provided code diff, I don't see any security vulnerabilities being fixed. The changes appear to be purely cosmetic/refactoring changes where a variable name was changed from `offscreenCanvas` to `canvas` and all subsequent references to it were updated accordingly.

Here's the structured response:

Vulnerability Existed: no
[No security vulnerability found] [testing/web-platform/tests/html/canvas/offscreen/path-objects/2d.path.stroke.scale2.html] [Lines 17-38]
[Old Code: var offscreenCanvas = new OffscreenCanvas(100, 50); var ctx = offscreenCanvas.getContext('2d'); ... _assertPixel(offscreenCanvas, ...)]
[Fixed Code: var canvas = new OffscreenCanvas(100, 50); var ctx = canvas.getContext('2d'); ... _assertPixel(canvas, ...)]

The changes are purely variable naming improvements with no security implications. The functionality remains exactly the same, just using a different variable name.

If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.

--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/css/compositing/mix-blend-mode/mix-blend-mode-intermediate-element-overflow-hidden-and-border-radius.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/css/compositing/mix-blend-mode/mix-blend-mode-intermediate-element-overflow-hidden-and-border-radius.html@@ -7,7 +7,6 @@         <link rel="author" title="Ion Roșca" href="mailto:[email protected]">         <link rel="reviewer" title="Mihai Țică" href="mailto:[email protected]">         <link rel="help" href="https://drafts.fxtf.org/compositing-1/#mix-blend-mode">-        <meta name="flags" content="">         <meta name="assert" content="Test checks that the element with mix-blend-mode, overflow:hidden and border-radius blends correctly with its parent, as well as with the sibling element where they overlap.">         <link rel="match" href="reference/mix-blend-mode-intermediate-element-overflow-hidden-and-border-radius-ref.html">         <style type="text/css">

Based on the provided diff, I'll analyze it for potential security vulnerabilities:

1. Vulnerability Existed: no
Vulnerability Name: N/A (Meta tag removal)
File: testing/web-platform/tests/css/compositing/mix-blend-mode/mix-blend-mode-intermediate-element-overflow-hidden-and-border-radius.html
Lines: 7
Old Code: `<meta name="flags" content="">`
Fixed Code: (removed)

Additional Details:
- The change simply removes an empty meta tag that wasn't serving any purpose
- This doesn't appear to be a security-related fix, but rather a cleanup of test metadata
- No known vulnerabilities are associated with this change

2. Vulnerability Existed: no
Vulnerability Name: N/A (No security impact)
File: testing/web-platform/tests/css/compositing/mix-blend-mode/mix-blend-mode-intermediate-element-overflow-hidden-and-border-radius.html
Lines: (entire diff)
Old Code: Included empty flags meta tag
Fixed Code: Removed empty flags meta tag

Additional Details:
- The entire diff consists of removing a single meta tag
- This appears to be a test file maintenance change rather than a security fix
- The change doesn't affect any security-related functionality

Note: The diff provided is very minimal and doesn't show any security-relevant changes. The removal of the empty meta tag doesn't appear to be security-related.

If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.

--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/css/css-contain/contain-paint-cell-001.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/css/css-contain/contain-paint-cell-001.html@@ -9,7 +9,6 @@   <link rel="match" href="reference/contain-paint-047-ref.html">   <meta content="This test checks that the paint containment applies to table-cell elements. Therefore the content of the table-cell element should be clipped to the padding edge of its principal box." name="assert">-  <meta name="flags" content="">   <style>   div#table

Based on the provided code diff, here's the analysis:

Vulnerability Existed: no  
No specific vulnerability found [File] testing/web-platform/tests/css/css-contain/contain-paint-cell-001.html [Lines] 9  
[Old Code]  
`<meta name="flags" content="">`  
[Fixed Code]  
(Line removed)

Additional Details:  
The change simply removes an empty meta tag for "flags" which appears to be test-related metadata rather than a security fix. There's no indication of any security vulnerability being addressed in this change. The modification seems to be cleanup of test configuration rather than a security patch.

If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.

--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/css/css-tables/absolute-tables-005.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/css/css-tables/absolute-tables-005.html@@ -4,7 +4,6 @@ <script src='/resources/check-layout-th.js'></script> <link rel="author" title="David Grogan" href="mailto:[email protected]"> <link rel="help" href="https://www.w3.org/TR/css-tables-3/#computing-the-table-height">-<meta name="flags" content="" /> <meta name="assert" content="When sizing and positioning abspos tables, the specified height is obeyed when the intrinsic height is smaller" /> <style> .cb {

Based on the provided diff, I'll analyze it for security fixes:

1. Vulnerability Existed: no
   No specific vulnerability found [File] [Lines 4-5]
   [Old Code]
   <meta name="flags" content="" />
   [Fixed Code]
   (line removed)

Additional Details:
- The change simply removes an empty meta tag for "flags" which doesn't appear to be security-related
- This seems to be a test file cleanup rather than a security fix
- No known vulnerabilities are associated with empty meta tags
- The change doesn't appear to address any security issues, just removes unnecessary markup

Since there are no other changes in the diff, no other vulnerabilities need to be reported. The modification appears to be a minor cleanup of test file metadata rather than a security-related fix.

If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.

--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/js/src/vm/JSContext.h+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/js/src/vm/JSContext.h@@ -422,6 +422,7 @@   friend class js::jit::DebugModeOSRVolatileJitFrameIter;   friend void js::ReportOutOfMemory(JSContext*);   friend void js::ReportOverRecursed(JSContext*);+  friend void js::ReportOversizedAllocation(JSContext*, const unsigned);  public:   inline JS::Result<> boolToResult(bool ok);@@ -695,12 +696,13 @@   } #ifdef DEBUG-  // True if this context has ever called ReportOverRecursed.-  js::ContextData<bool> hadOverRecursed_;+  // True if this context has ever called ReportOverRecursed,+  // ReportOutOfMemory, or ReportOversizedAllocation.+  js::ContextData<bool> hadNondeterministicException_;  public:   bool hadNondeterministicException() const {-    return hadOverRecursed_ || runtime()->hadOutOfMemory ||+    return hadNondeterministicException_ ||            js::oom::simulator.isThreadSimulatingAny();   } #endif@@ -727,6 +729,17 @@   }   const js::AutoCycleDetector::Vector& cycleDetectorVector() const {     return cycleDetectorVector_.ref();+  }++ private:+  js::ContextData<JS::PersistentRooted<JSFunction*>> watchtowerTestingCallback_;++ public:+  JSFunction*& watchtowerTestingCallbackRef() {+    if (!watchtowerTestingCallback_.ref().initialized()) {+      watchtowerTestingCallback_.ref().init(this);+    }+    return watchtowerTestingCallback_.ref().get();   }   /* Client opaque pointer. */

Based on the provided code diff, here's the security analysis:

1. Vulnerability Existed: not sure
   [Potential Information Leak or State Tracking Issue] [js/src/vm/JSContext.h] [Lines 695-696, 700-702]
   [Old Code]
   // True if this context has ever called ReportOverRecursed.
   js::ContextData<bool> hadOverRecursed_;
   
   bool hadNondeterministicException() const {
     return hadOverRecursed_ || runtime()->hadOutOfMemory ||
            js::oom::simulator.isThreadSimulatingAny();
   }
   
   [Fixed Code]
   // True if this context has ever called ReportOverRecursed,
   // ReportOutOfMemory, or ReportOversizedAllocation.
   js::ContextData<bool> hadNondeterministicException_;
   
   bool hadNondeterministicException() const {
     return hadNondeterministicException_ ||
            js::oom::simulator.isThreadSimulatingAny();
   }

   Additional Details: The change expands exception state tracking to include more types of exceptions. While not clearly a security fix, it could be related to preventing information leaks or ensuring proper exception state tracking.

2. Vulnerability Existed: not sure
   [Potential Memory Safety Issue] [js/src/vm/JSContext.h] [Lines 422]
   [Old Code]
   friend void js::ReportOverRecursed(JSContext*);
   
   [Fixed Code]
   friend void js::ReportOverRecursed(JSContext*);
   friend void js::ReportOversizedAllocation(JSContext*, const unsigned);

   Additional Details: The addition of ReportOversizedAllocation as a friend function suggests improved handling of memory allocation failures, which could be security-related, but the exact impact is unclear.

3. Vulnerability Existed: not sure
   [Potential Memory Management Issue] [js/src/vm/JSContext.h] [Lines 729-737]
   [Old Code]
   (No equivalent code existed before)
   
   [Fixed Code]
   js::ContextData<JS::PersistentRooted<JSFunction*>> watchtowerTestingCallback_;
   
   JSFunction*& watchtowerTestingCallbackRef() {
     if (!watchtowerTestingCallback_.ref().initialized()) {
       watchtowerTestingCallback_.ref().init(this);
     }
     return watchtowerTestingCallback_.ref().get();
   }

   Additional Details: The addition of watchtowerTestingCallback_ suggests new functionality for testing or monitoring, but it's unclear if this fixes a specific vulnerability or is just new feature work.

Note: While none of these changes clearly indicate specific named vulnerabilities, they appear to be related to improved memory management and exception handling, which could have security implications. The changes suggest a focus on making memory-related error handling more robust.

If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.

--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/services/settings/dumps/security-state/intermediates.json+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/services/settings/dumps/security-state/intermediates.json@@ -1,5 +1,1265 @@ {   "data": [+    {+      "schema": 1648025322112,+      "derHash": "qXyhN1uRlT5TalVHawrERMcIapUeSQo6PRNjChn0DNQ=",+      "subject": "CN=TWCA InfoSec User CA,OU=User CA,O=TAIWAN-CA Inc.,C=TW",+      "subjectDN": "MFcxCzAJBgNVBAYTAlRXMRcwFQYDVQQKEw5UQUlXQU4tQ0EgSW5jLjEQMA4GA1UECxMHVXNlciBDQTEdMBsGA1UEAxMUVFdDQSBJbmZvU2VjIFVzZXIgQ0E=",+      "whitelist": false,+      "attachment": {+        "hash": "6aaaa07d5c201417999a0e22e73d6ede06b3ae7309353301a6d321d172316983",+        "size": 1703,+        "filename": "bqhl3DAHcc4Kg-bxpYCIoIh4Tjx38mrpuN4vD6gDaHY=.pem",+        "location": "security-state-staging/intermediates/dbc7f86a-a8bd-4852-9d23-1d43fa46ee74.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "bqhl3DAHcc4Kg+bxpYCIoIh4Tjx38mrpuN4vD6gDaHY=",+      "crlite_enrolled": false,+      "id": "ffdd983c-ad21-42e0-bd71-4c89196fb73c",+      "last_modified": 1648025848804+    },+    {+      "schema": 1648025321155,+      "derHash": "B0hA46Z9zSYAtrAE4Rh6yAvf6JbK9JPflMw9mjymiBQ=",+      "subject": "CN=TWCA InfoSec User CA,OU=User CA,O=TAIWAN-CA Inc.,C=TW",+      "subjectDN": "MFcxCzAJBgNVBAYTAlRXMRcwFQYDVQQKEw5UQUlXQU4tQ0EgSW5jLjEQMA4GA1UECxMHVXNlciBDQTEdMBsGA1UEAxMUVFdDQSBJbmZvU2VjIFVzZXIgQ0E=",+      "whitelist": false,+      "attachment": {+        "hash": "45844bd66bf712d05a01885a5ed8fe191938dc90ceb1c6bb05a732c72ec77002",+        "size": 1703,+        "filename": "ffKwXiiyZfl8ltFLZ9k5urWtoCKNBNklL8cqiHHZUUQ=.pem",+        "location": "security-state-staging/intermediates/54742694-a874-4df8-9c81-e88d2f2221f4.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "ffKwXiiyZfl8ltFLZ9k5urWtoCKNBNklL8cqiHHZUUQ=",+      "crlite_enrolled": false,+      "id": "73d165e8-c4b1-4300-a6eb-607ee522dabe",+      "last_modified": 1648025848795+    },+    {+      "schema": 1648025320193,+      "derHash": "mxby9oDXxL1qZ/YJNA2mQWq/nkPxMmsBuYgZInHQtfI=",+      "subject": "CN=TWCA Secure SSL Certification Authority,OU=Secure SSL Sub-CA,O=TAIWAN-CA,C=TW",+      "subjectDN": "MG8xCzAJBgNVBAYTAlRXMRIwEAYDVQQKEwlUQUlXQU4tQ0ExGjAYBgNVBAsTEVNlY3VyZSBTU0wgU3ViLUNBMTAwLgYDVQQDEydUV0NBIFNlY3VyZSBTU0wgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHk=",+      "whitelist": false,+      "attachment": {+        "hash": "acd717a163c1e31ec674bb2953f2f16be424838b5d36e703984df5d77c80d023",+        "size": 2032,+        "filename": "8hqbhsMMFPaPA8t81pxqFer9-neHBcQvO7-TAKjWkb0=.pem",+        "location": "security-state-staging/intermediates/b5f4faa4-0521-4c2b-939b-4bef5f921421.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "8hqbhsMMFPaPA8t81pxqFer9+neHBcQvO7+TAKjWkb0=",+      "crlite_enrolled": false,+      "id": "163c4d13-0624-40c4-83d7-7b9bbea0f129",+      "last_modified": 1648025848786+    },+    {+      "schema": 1648025319180,+      "derHash": "SWlaXw9+9u32mBk9me1Iuq3iDqRXQDwRzq1JLEWGZdo=",+      "subject": "CN=TWCA Global EVSSL Certification Authority,OU=Global EVSSL Sub-CA,O=TAIWAN-CA,C=TW",+      "subjectDN": "MHMxCzAJBgNVBAYTAlRXMRIwEAYDVQQKEwlUQUlXQU4tQ0ExHDAaBgNVBAsTE0dsb2JhbCBFVlNTTCBTdWItQ0ExMjAwBgNVBAMTKVRXQ0EgR2xvYmFsIEVWU1NMIENlcnRpZmljYXRpb24gQXV0aG9yaXR5",+      "whitelist": false,+      "attachment": {+        "hash": "4f777697d0c427439f9282b53a652b4a868074c5e1ae55a6dfe51dc32d19b817",+        "size": 1955,+        "filename": "3sXbPfqhHfn3hza4ob3X6iuMjfN9qdgOhBAC5GOp-TY=.pem",+        "location": "security-state-staging/intermediates/1b6005ce-3d05-4336-b84f-46f273145539.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "3sXbPfqhHfn3hza4ob3X6iuMjfN9qdgOhBAC5GOp+TY=",+      "crlite_enrolled": false,+      "id": "c44d3056-f6b6-415c-8f13-43d0b71fb7b5",+      "last_modified": 1648025848777+    },+    {+      "schema": 1647788245578,+      "derHash": "8Hu73gdvm0DFfMS+/t6Xyh9Tua4UfwNdKEy/U/NDL7g=",+      "subject": "CN=CFCA OV OCA,O=China Financial Certification Authority,C=CN",+      "subjectDN": "MFUxCzAJBgNVBAYTAkNOMTAwLgYDVQQKDCdDaGluYSBGaW5hbmNpYWwgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFDASBgNVBAMMC0NGQ0EgT1YgT0NB",+      "whitelist": false,+      "attachment": {+        "hash": "bc37658d1568750ae385b92be54ede64df31899d30f67211fd1e015c9dc7803b",+        "size": 1963,+        "filename": "uc0FPx73f1ObHGmGZOcevy371Uo9asVjdabpiS0lKgQ=.pem",+        "location": "security-state-staging/intermediates/8a832b56-3f0a-4b5f-8966-8a1da5242863.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "uc0FPx73f1ObHGmGZOcevy371Uo9asVjdabpiS0lKgQ=",+      "crlite_enrolled": false,+      "id": "b2b776e5-2b2f-4c8e-819d-026b8d3855d2",+      "last_modified": 1647853041835+    },+    {+      "schema": 1647701328614,+      "derHash": "mKDDuhiZJYWV0E8V0TTFcy6GS3VcZIpI0cF/CiYO9ac=",+      "subject": "CN=TrustSafe TLS RSA SubCA R1,O=Isimtescil Bilisim A.S.,C=TR",+      "subjectDN": "MFQxCzAJBgNVBAYTAlRSMSAwHgYDVQQKDBdJc2ltdGVzY2lsIEJpbGlzaW0gQS5TLjEjMCEGA1UEAwwaVHJ1c3RTYWZlIFRMUyBSU0EgU3ViQ0EgUjE=",+      "whitelist": false,+      "attachment": {+        "hash": "90c93b3a50c031ef4beb4224d3085eafa66d1c8be8d4bc2bdeea1476967ed709",+        "size": 2365,+        "filename": "_SrUGYsWpDW44q_gIPL4e-vKroLPu0_n0OySZvb5g6U=.pem",+        "location": "security-state-staging/intermediates/9849321e-0fe1-42f2-a509-ed0dcfa3b2e1.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "/SrUGYsWpDW44q/gIPL4e+vKroLPu0/n0OySZvb5g6U=",+      "crlite_enrolled": true,+      "id": "0fc46ca8-adb2-450b-9bd7-49706b5eca52",+      "last_modified": 1647701842317+    },+    {+      "schema": 1647701328249,+      "derHash": "mH/y47JaOhTLhD2Qezx/AHwnSSGvwQAX+F1PrnsMuLY=",+      "subject": "CN=DigiCert Assured ID TLS RSA4096 SHA256 2022 CA1,O=DigiCert\\, Inc.,C=US",+      "subjectDN": "MGAxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjE4MDYGA1UEAxMvRGlnaUNlcnQgQXNzdXJlZCBJRCBUTFMgUlNBNDA5NiBTSEEyNTYgMjAyMiBDQTE=",+      "whitelist": false,+      "attachment": {+        "hash": "ea98651742d65855a2b89e7d033a40bf1adf3bb22e730eda3ea9896019690d52",+        "size": 2089,+        "filename": "t6F6ltc_eNYw0WY4vUTTo7SvuavxVPXIIpqLyWMQG-g=.pem",+        "location": "security-state-staging/intermediates/27c32677-48fe-4613-8b2f-ca869cef0d85.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "t6F6ltc/eNYw0WY4vUTTo7SvuavxVPXIIpqLyWMQG+g=",+      "crlite_enrolled": true,+      "id": "3ef3ce19-bcfb-484b-9e2e-253adcc956b5",+      "last_modified": 1647701842304+    },+    {+      "schema": 1647701328071,+      "derHash": "lzpBJ2/9AeAnoqrUnjTDeEbT6Xb/amILZxLjODIEGqY=",+      "subject": "CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\\, Inc.,L=Scottsdale,ST=Arizona,C=US",+      "subjectDN": "MIG0MQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xLTArBgNVBAsTJGh0dHA6Ly9jZXJ0cy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzEzMDEGA1UEAxMqR28gRGFkZHkgU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcy",+      "whitelist": false,+      "attachment": {+        "hash": "a111efc20329e87b541cfc3e7f526fc54bb24624fddf210f4347b9fadfb1ab6b",+        "size": 1727,+        "filename": "8Rw90Ej3Ttt8RRkrg-WYDS9n7IS03bk5bjP_UXPtaY8=.pem",+        "location": "security-state-staging/intermediates/a2a04dfe-6201-4d0a-b8cf-80d2975bfb51.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "8Rw90Ej3Ttt8RRkrg+WYDS9n7IS03bk5bjP/UXPtaY8=",+      "crlite_enrolled": true,+      "id": "549c92e2-3738-4c8c-ae37-407e4e6158ce",+      "last_modified": 1647701842291+    },+    {+      "schema": 1647680259122,+      "derHash": "4i5rJZCOEQemB68GDgsk5QxtlWL/BPRVvg+N9BpQMsA=",+      "subject": "CN=SZAFIR Trusted CA2,O=Krajowa Izba Rozliczeniowa S.A.,C=PL",+      "subjectDN": "MFQxCzAJBgNVBAYTAlBMMSgwJgYDVQQKDB9LcmFqb3dhIEl6YmEgUm96bGljemVuaW93YSBTLkEuMRswGQYDVQQDDBJTWkFGSVIgVHJ1c3RlZCBDQTI=",+      "whitelist": false,+      "attachment": {+        "hash": "b998d1830338d9ca1bada5e5e1a33ef3a5f89c9c13ccfa1b8ea7a2f3aea980a1",+        "size": 1825,+        "filename": "Ea2smccTC5mFDdTrs5gKD6HaYthL4lhPx97QmLgbFQc=.pem",+        "location": "security-state-staging/intermediates/d47f17a5-7858-4e12-ac5e-0454f2a87e62.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "Ea2smccTC5mFDdTrs5gKD6HaYthL4lhPx97QmLgbFQc=",+      "crlite_enrolled": true,+      "id": "43f6861b-21c6-4ebd-a31e-6d9e61e879af",+      "last_modified": 1647701842264+    },+    {+      "schema": 1647701328797,+      "derHash": "puYUXPpzIrIt1vuvHfgzN4jbefGbEbaVz8kHtA0paQg=",+      "subject": "CN=PSW GROUP (RSA) OV CA,O=PSW GROUP GmbH & Co. KG,C=DE",+      "subjectDN": "ME8xCzAJBgNVBAYTAkRFMSAwHgYDVQQKDBdQU1cgR1JPVVAgR21iSCAmIENvLiBLRzEeMBwGA1UEAxMVUFNXIEdST1VQIChSU0EpIE9WIENB",+      "whitelist": false,+      "attachment": {+        "hash": "89a81c5442a54c9e5195381aa5bf5118b69c785fe73b5919acc00fa7735b5960",+        "size": 2081,+        "filename": "XJxD3hWuTDkFb4_QXFPChkZ3hlp9UIhypa5Cf40iwOE=.pem",+        "location": "security-state-staging/intermediates/ea0a20eb-041e-467e-9b0a-9cc38c85baf8.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "XJxD3hWuTDkFb4/QXFPChkZ3hlp9UIhypa5Cf40iwOE=",+      "crlite_enrolled": true,+      "id": "c79b7b86-d814-4f7c-aad6-03a1383c763c",+      "last_modified": 1647701842252+    },+    {+      "schema": 1647654826542,+      "derHash": "NCY+lCTYGblLz6h+ad2e9DIF1OLehKU0lzFAY9gilps=",+      "subject": "CN=Verokey High Assurance Verified Business ECC,O=Verokey,C=AU",+      "subjectDN": "MFYxCzAJBgNVBAYTAkFVMRAwDgYDVQQKEwdWZXJva2V5MTUwMwYDVQQDEyxWZXJva2V5IEhpZ2ggQXNzdXJhbmNlIFZlcmlmaWVkIEJ1c2luZXNzIEVDQw==",+      "whitelist": false,+      "attachment": {+        "hash": "b6f22240546a8b483896de6c2db0fccfb73386b23b7ad01978cf5ba9a6082950",+        "size": 1260,+        "filename": "bwcsf3KkBp7k-_kn61hwGrohcM2771HiHahosrGrHfc=.pem",+        "location": "security-state-staging/intermediates/c9e91312-d78c-4dcb-ac34-fa8d5551fd6a.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "bwcsf3KkBp7k+/kn61hwGrohcM2771HiHahosrGrHfc=",+      "crlite_enrolled": false,+      "id": "d6958d94-103f-4a2b-92b9-2b27cabf0600",+      "last_modified": 1647658654006+    },+    {+      "schema": 1647654825609,+      "derHash": "XuWq1wSotpiIP0ApcgyPoct5yfo0Y8wkNAYp6+bFpis=",+      "subject": "CN=Verokey Secure Web G2,O=Verokey,C=AU",+      "subjectDN": "MD8xCzAJBgNVBAYTAkFVMRAwDgYDVQQKEwdWZXJva2V5MR4wHAYDVQQDExVWZXJva2V5IFNlY3VyZSBXZWIgRzI=",+      "whitelist": false,+      "attachment": {+        "hash": "8d08fa773eab40914d633ec0fc0c90f83553e8e8900c895ff3b9fac73917357c",+        "size": 1683,+        "filename": "YOICDd74CBBTQQEfP4A_1QP-tDZ8_JTzjErj5b1IsYo=.pem",+        "location": "security-state-staging/intermediates/b1916190-6e0c-4a41-88c9-4b5aadcf3649.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "YOICDd74CBBTQQEfP4A/1QP+tDZ8/JTzjErj5b1IsYo=",+      "crlite_enrolled": false,+      "id": "c449be6f-2cc0-481e-af04-2182142ce9f1",+      "last_modified": 1647658653997+    },+    {+      "schema": 1647654824627,+      "derHash": "vP0mFOQtY8WWkcPOi+x5LeL86JztT5xGDQqEhXMHT8s=",+      "subject": "CN=Verokey Secure Web ECC,O=Verokey,C=AU",+      "subjectDN": "MEAxCzAJBgNVBAYTAkFVMRAwDgYDVQQKEwdWZXJva2V5MR8wHQYDVQQDExZWZXJva2V5IFNlY3VyZSBXZWIgRUND",+      "whitelist": false,+      "attachment": {+        "hash": "29224ac45981f9cd3a7eb1dce987dac6168937b2ad8eea795026a1f3d0a67941",+        "size": 1191,+        "filename": "XmuaPGGLJTHOHi-UMbaLYNSGsmun3VCxmY6w4RyyJuM=.pem",+        "location": "security-state-staging/intermediates/e3df8599-af15-414f-9c42-298124ca648c.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "XmuaPGGLJTHOHi+UMbaLYNSGsmun3VCxmY6w4RyyJuM=",+      "crlite_enrolled": false,+      "id": "ac31c3ff-db37-4e38-80a3-b0c09a6753df",+      "last_modified": 1647658653989+    },+    {+      "schema": 1647654822732,+      "derHash": "269Y3r+7od6OBNyueiwWOwnTnn5zLpHeqGVcK9cyqwA=",+      "subject": "CN=Verokey Secure Web,O=Verokey,C=AU",+      "subjectDN": "MDwxCzAJBgNVBAYTAkFVMRAwDgYDVQQKEwdWZXJva2V5MRswGQYDVQQDExJWZXJva2V5IFNlY3VyZSBXZWI=",+      "whitelist": false,+      "attachment": {+        "hash": "c5f50c22da86ef7b7de5af316d9e01bee66bb2b8b74913b1b1b1ddca99ad5b8a",+        "size": 1678,+        "filename": "BLGkEY8QPCtAg4Yd-57Aiig-74Lh325P803f8vLhBoc=.pem",+        "location": "security-state-staging/intermediates/36c3a520-0118-469c-a721-cfd21fcfa174.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "BLGkEY8QPCtAg4Yd+57Aiig+74Lh325P803f8vLhBoc=",+      "crlite_enrolled": false,+      "id": "8d5e7e22-7c97-431c-b156-e2e7c90dbc77",+      "last_modified": 1647658653980+    },+    {+      "schema": 1647654821815,+      "derHash": "vokmSlgxMBK3SWA8m+vDzXkU23FqSeXg6pfkOjiDpd8=",+      "subject": "CN=Verokey High Assurance Verified Business G2,O=Verokey,C=AU",+      "subjectDN": "MFUxCzAJBgNVBAYTAkFVMRAwDgYDVQQKEwdWZXJva2V5MTQwMgYDVQQDEytWZXJva2V5IEhpZ2ggQXNzdXJhbmNlIFZlcmlmaWVkIEJ1c2luZXNzIEcy",+      "whitelist": false,+      "attachment": {+        "hash": "81e4f6e788d4f4a8e65ebc2209113e276031df40b369a1322d53a330142cfa5e",+        "size": 2410,+        "filename": "tlfNnL_wJhxfoQr77OWpEGwaZB50PiKeJS1xv1JczIc=.pem",+        "location": "security-state-staging/intermediates/f3309154-7af6-449b-a26d-1fc2a0bf5a1f.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "tlfNnL/wJhxfoQr77OWpEGwaZB50PiKeJS1xv1JczIc=",+      "crlite_enrolled": false,+      "id": "fc71f24e-260a-458c-b6fc-49efd9879a92",+      "last_modified": 1647658653971+    },+    {+      "schema": 1647654820829,+      "derHash": "ftvm+MSaHjmIyq3UOLcvB7avnOdRz1g1FjFh1jyuTd8=",+      "subject": "CN=Verokey Verified Business G2,O=Verokey,C=AU",+      "subjectDN": "MEYxCzAJBgNVBAYTAkFVMRAwDgYDVQQKEwdWZXJva2V5MSUwIwYDVQQDExxWZXJva2V5IFZlcmlmaWVkIEJ1c2luZXNzIEcy",+      "whitelist": false,+      "attachment": {+        "hash": "bebdb836f3821f22a2cf8a9d37d5cf2f9b6170f67a088076c6a0a61f478c9e99",+        "size": 1865,+        "filename": "F0x5cftsPCB48ynEovjelRoxjTrQOKe0TVZJV_E5uNY=.pem",+        "location": "security-state-staging/intermediates/7bc559dd-136e-4b22-bba0-46275c42e46a.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "F0x5cftsPCB48ynEovjelRoxjTrQOKe0TVZJV/E5uNY=",+      "crlite_enrolled": false,+      "id": "fb5813da-8a74-4f21-8165-3fe6274ab2c0",+      "last_modified": 1647658653962+    },+    {+      "schema": 1647654819872,+      "derHash": "8e07Nckvpdqqo91F+Z66O4I6L7HCSonO0WmdleAlZKI=",+      "subject": "CN=Verokey Verified Business ECC,O=Verokey,C=AU",+      "subjectDN": "MEcxCzAJBgNVBAYTAkFVMRAwDgYDVQQKEwdWZXJva2V5MSYwJAYDVQQDEx1WZXJva2V5IFZlcmlmaWVkIEJ1c2luZXNzIEVDQw==",+      "whitelist": false,+      "attachment": {+        "hash": "3f188e11517ee73f64bbd36e9ee158a73be3ad9815dbfc0fd11f743283d12684",+        "size": 1199,+        "filename": "OIPaHQX_1ijRXDAogCIp0fJvOFmAwNZfokh0jDupQ_s=.pem",+        "location": "security-state-staging/intermediates/873835df-c179-4e1d-b67d-65d580190ce4.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "OIPaHQX/1ijRXDAogCIp0fJvOFmAwNZfokh0jDupQ/s=",+      "crlite_enrolled": false,+      "id": "42dc8291-ec41-4fad-8526-b3a45b3daaa0",+      "last_modified": 1647658653954+    },+    {+      "schema": 1647654818889,+      "derHash": "1sxXuSYOmwEt+sQKgb/AIrktkfpJt8RcWd+GcCqsKQY=",+      "subject": "CN=Verokey Verified Business,O=Verokey,C=AU",+      "subjectDN": "MEMxCzAJBgNVBAYTAkFVMRAwDgYDVQQKEwdWZXJva2V5MSIwIAYDVQQDExlWZXJva2V5IFZlcmlmaWVkIEJ1c2luZXNz",+      "whitelist": false,+      "attachment": {+        "hash": "ad91c21bd6c4e12bab1179f64d3061f1a8c3f99e4e8edc9902360c09c0d6f009",+        "size": 1687,+        "filename": "jVuisrysh5HDay17vNJwtigzbmgB6GyT5_TBkYrj7aQ=.pem",+        "location": "security-state-staging/intermediates/88d20507-b598-4ce5-9ba2-761d21a4e419.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "jVuisrysh5HDay17vNJwtigzbmgB6GyT5/TBkYrj7aQ=",+      "crlite_enrolled": false,+      "id": "4e6df119-41d9-4a2f-833f-eded8105015b",+      "last_modified": 1647658653945+    },+    {+      "schema": 1647654823652,+      "derHash": "Lw44WGTS3KiseuSBZCh7/kUSbGvNkukbs98SUMey2ro=",+      "subject": "CN=Verokey High Assurance Verified Business,O=Verokey,C=AU",+      "subjectDN": "MFIxCzAJBgNVBAYTAkFVMRAwDgYDVQQKEwdWZXJva2V5MTEwLwYDVQQDEyhWZXJva2V5IEhpZ2ggQXNzdXJhbmNlIFZlcmlmaWVkIEJ1c2luZXNz",+      "whitelist": false,+      "attachment": {+        "hash": "046bc1ca834973eaf6354dd03041477d215c49ce451e42a47d536a0ed8881434",+        "size": 1707,+        "filename": "ta5zRgM3pICBxt5qegtMsZETN77Zk1tN6gApXWT5Oz0=.pem",+        "location": "security-state-staging/intermediates/e513b328-655a-441e-86ca-5d563a8439fd.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "ta5zRgM3pICBxt5qegtMsZETN77Zk1tN6gApXWT5Oz0=",+      "crlite_enrolled": false,+      "id": "5163308a-7837-468c-9467-d3cb0e6db613",+      "last_modified": 1647658653936+    },+    {+      "schema": 1647442638278,+      "derHash": "slTzzerx0pq1PLQ56A+5lvHpCig+m1CFuHSdGOT1mHs=",+      "subject": "CN=GlobalSign Atlas R3 DV ACME CA H2 2021,O=GlobalSign nv-sa,C=BE",+      "subjectDN": "MFkxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMS8wLQYDVQQDEyZHbG9iYWxTaWduIEF0bGFzIFIzIERWIEFDTUUgQ0EgSDIgMjAyMQ==",+      "whitelist": false,+      "attachment": {+        "hash": "9b7764d2dd9d44f3454ff2c69278ccacf175873333cb4bc22bb78001354c66f5",+        "size": 1715,+        "filename": "Drirt5siv6auOz2CsdX1ih0Gq_A2hFkwS82cYSyOOSc=.pem",+        "location": "security-state-staging/intermediates/be7d54ce-f543-44f1-8741-28214b2ee3cd.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "Drirt5siv6auOz2CsdX1ih0Gq/A2hFkwS82cYSyOOSc=",+      "crlite_enrolled": false,+      "id": "1ea36836-d34e-48ad-a1c3-679ebae83102",+      "last_modified": 1647464240149+    },+    {+      "schema": 1647442123610,+      "derHash": "gCRH7lIcxmbNt7uuk6OF5V8gDXaj0TVqhURaxMvb7RI=",+      "subject": "CN=Cybertrust Global Root,O=Cybertrust\\, Inc",+      "subjectDN": "MDsxGDAWBgNVBAoTD0N5YmVydHJ1c3QsIEluYzEfMB0GA1UEAxMWQ3liZXJ0cnVzdCBHbG9iYWwgUm9vdA==",+      "whitelist": false,+      "attachment": {+        "hash": "0311ba514ea52c161164a44190d3ff8d3f21d7e178936261c9f0f3b873c30bc0",+        "size": 1317,+        "filename": "foeCwVDOOVL4AuY2AjpdPpW7XWjjPoWtsroXgSXOvxU=.pem",+        "location": "security-state-staging/intermediates/a7042ba0-a0c3-40c6-a970-0ee5cdb75e39.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "foeCwVDOOVL4AuY2AjpdPpW7XWjjPoWtsroXgSXOvxU=",+      "crlite_enrolled": false,+      "id": "75d60e87-9f16-4a0c-bd57-5fc185f8e40b",+      "last_modified": 1647442637728+    },+    {+      "schema": 1647406128599,+      "derHash": "HIhGxAasYpT68NMqWhTnnIQThaV/EVm2HpAUYF435ek=",+      "subject": "CN=DigiCert Assured ID G3 TLS ECC384 SHA384 2022 CA1,O=DigiCert\\, Inc.,C=US",+      "subjectDN": "MGIxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjE6MDgGA1UEAxMxRGlnaUNlcnQgQXNzdXJlZCBJRCBHMyBUTFMgRUNDMzg0IFNIQTM4NCAyMDIyIENBMQ==",+      "whitelist": false,+      "attachment": {+        "hash": "682a6d671295b8e0ca15d671be54d68c7d5786b8b33b65eb4e943f238772b094",+        "size": 1288,+        "filename": "otVuF_gByhb3Aev07shrO8GeUcthd4Qw5N_K1L0fizo=.pem",+        "location": "security-state-staging/intermediates/d6b7ddd7-f249-4342-9621-2f56bffe26af.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "otVuF/gByhb3Aev07shrO8GeUcthd4Qw5N/K1L0fizo=",+      "crlite_enrolled": true,+      "id": "e0227843-5910-4bd0-adaa-01d35e7a7005",+      "last_modified": 1647406642091+    },+    {+      "schema": 1647406127910,+      "derHash": "RCLpY+5TzVjMn4XNQL9f/sAJX98aFUU1ZhwcBrytxps=",+      "subject": "CN=RapidSSL TLS RSA CA G1,OU=www.digicert.com,O=DigiCert Inc,C=US",+      "subjectDN": "MGAxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xHzAdBgNVBAMTFlJhcGlkU1NMIFRMUyBSU0EgQ0EgRzE=",+      "whitelist": false,+      "attachment": {+        "hash": "69d032f5f19ec96ac1d0f6f0b439e8d2c2bfd00ab74cdabf88312932bac1b34f",+        "size": 1691,+        "filename": "E3tYcwo9CiqATmKtpMLW5V-pzIq-ZoDmpXSiJlXGmTo=.pem",+        "location": "security-state-staging/intermediates/9eebdfa1-1d2e-4e19-abdd-69d9d51be643.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "E3tYcwo9CiqATmKtpMLW5V+pzIq+ZoDmpXSiJlXGmTo=",+      "crlite_enrolled": true,+      "id": "f7aa6ee8-81ba-45d2-8cff-4314c6e506ad",+      "last_modified": 1647406642057+    },+    {+      "schema": 1647406129124,+      "derHash": "GFwK5HBCO51GeKfBBVtbSNkHBVBbeU4hXAY4UTNpgfQ=",+      "subject": "CN=GeoTrust EV RSA CA 2018,OU=www.digicert.com,O=DigiCert Inc,C=US",+      "subjectDN": "MGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0dlb1RydXN0IEVWIFJTQSBDQSAyMDE4",+      "whitelist": false,+      "attachment": {+        "hash": "a0a4b49c90bff29d9b9a8c5f2ef42bb769f854311f7a16f1b9861161f8870867",+        "size": 1666,+        "filename": "yWulDX8E5Q0XG4-9jVDljmO2FvAVzIRhn2MppW4vyUM=.pem",+        "location": "security-state-staging/intermediates/69bd0c27-8b17-47e6-8656-b35a53ad9631.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "yWulDX8E5Q0XG4+9jVDljmO2FvAVzIRhn2MppW4vyUM=",+      "crlite_enrolled": true,+      "id": "1cc0b067-f5fa-460a-b0ce-63e242f5c312",+      "last_modified": 1647406642046+    },+    {+      "schema": 1647406128777,+      "derHash": "Sv/k/vOUZNF4jGYK9ZHV5gGyYcSBHfCj3Z1hyv6OXtg=",+      "subject": "CN=TrustAsia EV TLS Pro CA,O=TrustAsia Technologies\\, Inc.,C=CN",+      "subjectDN": "MFYxCzAJBgNVBAYTAkNOMSUwIwYDVQQKExxUcnVzdEFzaWEgVGVjaG5vbG9naWVzLCBJbmMuMSAwHgYDVQQDExdUcnVzdEFzaWEgRVYgVExTIFBybyBDQQ==",+      "whitelist": false,+      "attachment": {+        "hash": "9a34bc6ed9a54f81e18afe77e80e21229b781d54bc55db04519ecea2fb3e30f4",+        "size": 1658,+        "filename": "JTqDYh_WILx03HF-qMSr0wy2uDSoWh4uqNea4MnbzZ8=.pem",+        "location": "security-state-staging/intermediates/50647d00-cffd-4a34-99f4-97db530d09bd.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "JTqDYh/WILx03HF+qMSr0wy2uDSoWh4uqNea4MnbzZ8=",+      "crlite_enrolled": true,+      "id": "58b5207a-569c-440d-b868-afae280ff8f2",+      "last_modified": 1647406642035+    },+    {+      "schema": 1647406128086,+      "derHash": "/BbVMgO9kYfWnMmdLaVRB2tNyymBQNZ1H3oBKWbJn90=",+      "subject": "CN=RapidSSL TLS ECC CA G1,OU=www.digicert.com,O=DigiCert Inc,C=US",+      "subjectDN": "MGAxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xHzAdBgNVBAMTFlJhcGlkU1NMIFRMUyBFQ0MgQ0EgRzE=",+      "whitelist": false,+      "attachment": {+        "hash": "5ab29482e9032bced4020a6ffd28ba40b857897ed628b88bc1554bc73e84f763",+        "size": 1199,+        "filename": "cBtUiO-mwdgMfNeEp_qKuEHswRn2nHp2FDUKVi_aTDw=.pem",+        "location": "security-state-staging/intermediates/154391f2-0f93-44b9-b118-5fc88dafa782.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "cBtUiO+mwdgMfNeEp/qKuEHswRn2nHp2FDUKVi/aTDw=",+      "crlite_enrolled": true,+      "id": "de84a7ad-8fc1-4cf5-96dd-67d123f93d29",+      "last_modified": 1647406642024+    },+    {+      "schema": 1647406128422,+      "derHash": "wG4wf3z8HTL6cqTAM8h7kAGa8hbwd11kl4ouymyKIw4=",+      "subject": "CN=GeoTrust TLS RSA CA G1,OU=www.digicert.com,O=DigiCert Inc,C=US",+      "subjectDN": "MGAxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xHzAdBgNVBAMTFkdlb1RydXN0IFRMUyBSU0EgQ0EgRzE=",+      "whitelist": false,+      "attachment": {+        "hash": "79eaef52d1cceae208d6f4e81408cb6e81bd7358789d8d112f8acbab4bbf4f9c",+        "size": 1638,+        "filename": "SDG5orEv8iX6MNenIAxa8nQFNpROB_6-llsZdXHZNqs=.pem",+        "location": "security-state-staging/intermediates/9987d215-bbb5-4e1e-8e50-33173b65ca32.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "SDG5orEv8iX6MNenIAxa8nQFNpROB/6+llsZdXHZNqs=",+      "crlite_enrolled": true,+      "id": "3a3c5d35-1116-4a25-9c6e-f43057fdd426",+      "last_modified": 1647406642013+    },+    {+      "schema": 1647406127393,+      "derHash": "qDhAXrsD9d/Y1KlXKubg4/NW7E7BNDdaWdt7GV3D7EQ=",+      "subject": "CN=GeoTrust TLS ECC CA G1,OU=www.digicert.com,O=DigiCert Inc,C=US",+      "subjectDN": "MGAxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xHzAdBgNVBAMTFkdlb1RydXN0IFRMUyBFQ0MgQ0EgRzE=",+      "whitelist": false,+      "attachment": {+        "hash": "c0c946701c933eed603c99ac71fe696329ac344e1eb857450da9a3c6fc6b28e7",+        "size": 1146,+        "filename": "5UDBgr_RVcJyUuNCNmS5AenhQ6TpdPBpf6CAGjUnD10=.pem",+        "location": "security-state-staging/intermediates/9ec06331-3cbe-42b8-91ab-ca659d7ff6e1.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "5UDBgr/RVcJyUuNCNmS5AenhQ6TpdPBpf6CAGjUnD10=",+      "crlite_enrolled": true,+      "id": "500a38fb-8a19-47cf-b4b5-4000d9bf8da1",+      "last_modified": 1647406642002+    },+    {+      "schema": 1647406128950,+      "derHash": "OIPm3kkXpGtZTswtKsapXUPn6qjgiakfm8EE/xbfjeY=",+      "subject": "CN=Secure Site Pro Extended Validation CA,OU=www.digicert.com,O=DigiCert Inc,C=US",+      "subjectDN": "MHAxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xLzAtBgNVBAMTJlNlY3VyZSBTaXRlIFBybyBFeHRlbmRlZCBWYWxpZGF0aW9uIENB",+      "whitelist": false,+      "attachment": {+        "hash": "873a9affb573886082637d5874421893f652b55adfa77a32cb7cd76d35bb12b5",+        "size": 1695,+        "filename": "C5iNVr6DMrTBS2Wvb08zPxdCQnB0DSWA-yu6a9MbQBI=.pem",+        "location": "security-state-staging/intermediates/809d29c1-5609-421a-be6f-b48dc16e8d28.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "C5iNVr6DMrTBS2Wvb08zPxdCQnB0DSWA+yu6a9MbQBI=",+      "crlite_enrolled": true,+      "id": "127c9f06-6f9a-4d9e-b4f9-e0f7b637cd96",+      "last_modified": 1647406641991+    },+    {+      "schema": 1647399296865,+      "derHash": "S8xeI0/oHt5Or4g6oZwxM1sLJuheBmuZReTLYVPrIMI=",+      "subject": "CN=Thawte TLS RSA CA G1,OU=www.digicert.com,O=DigiCert Inc,C=US",+      "subjectDN": "MF4xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xHTAbBgNVBAMTFFRoYXd0ZSBUTFMgUlNBIENBIEcx",+      "whitelist": false,+      "attachment": {+        "hash": "ab46e21b2e6e52647007f65c64b45ece54a6f9162bf19babfd723021d1ed126d",+        "size": 1634,+        "filename": "42b9RNOnyb3tlC0KYtNPA3KKpJluskyU6aG-CipUmaM=.pem",+        "location": "security-state-staging/intermediates/1acc8b9e-e1d0-4bbd-92ab-c45c37b76729.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "42b9RNOnyb3tlC0KYtNPA3KKpJluskyU6aG+CipUmaM=",+      "crlite_enrolled": true,+      "id": "763c82cc-5847-4f29-a81a-d189fde21751",+      "last_modified": 1647406641979+    },+    {+      "schema": 1647406126872,+      "derHash": "01M7cypRim2mjvJmCF4R39EUwOsAks1DUwpE1UuRPtE=",+      "subject": "CN=Secure Site CA,OU=www.digicert.com,O=DigiCert Inc,C=US",+      "subjectDN": "MFgxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xFzAVBgNVBAMTDlNlY3VyZSBTaXRlIENB",+      "whitelist": false,+      "attachment": {+        "hash": "93b4a44bb6fe2449a59754db745e41e1157b80bf49f3c2f364ac5f13eaca7195",+        "size": 1662,+        "filename": "3mc_12C2pwvtV5JjfcxLmbbWYQSbj9yqSWLXKfZcMUw=.pem",+        "location": "security-state-staging/intermediates/179c0ac1-bf62-4ad7-8373-95d6baefb9a3.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "3mc/12C2pwvtV5JjfcxLmbbWYQSbj9yqSWLXKfZcMUw=",+      "crlite_enrolled": true,+      "id": "4353f974-e604-4be1-b7e8-63cd2a9fe2c7",+      "last_modified": 1647406641968+    },+    {+      "schema": 1647406128251,+      "derHash": "AJhxw6TGBzEeWukvAQlfm/dhALh5SrCppSEOZ5TIYHw=",+      "subject": "CN=Trust Provider B.V. TLS RSA CA G1,OU=Domain Validated SSL,O=Trust Provider B.V.,C=NL",+      "subjectDN": "MHYxCzAJBgNVBAYTAk5MMRwwGgYDVQQKExNUcnVzdCBQcm92aWRlciBCLlYuMR0wGwYDVQQLExREb21haW4gVmFsaWRhdGVkIFNTTDEqMCgGA1UEAxMhVHJ1c3QgUHJvdmlkZXIgQi5WLiBUTFMgUlNBIENBIEcx",+      "whitelist": false,+      "attachment": {+        "hash": "be93cbc768b2a781054d69b3d1b32596d09aabb573a067ff44e5770bc18fb99e",+        "size": 1687,+        "filename": "DZ2CNIcIqZj3arOg4dqY2nkxRPJTRypLcTMN_FbGZLM=.pem",+        "location": "security-state-staging/intermediates/f158c5a3-4e14-476d-a5ac-d85b7f4fcedc.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "DZ2CNIcIqZj3arOg4dqY2nkxRPJTRypLcTMN/FbGZLM=",+      "crlite_enrolled": true,+      "id": "f7673261-e96a-4f2c-a927-d30881e9e80f",+      "last_modified": 1647406641957+    },+    {+      "schema": 1647406127221,+      "derHash": "90w7LH5FXWVNnuWqpxJ4nMsme5YcGhzkimnIYM0ZNng=",+      "subject": "CN=Thawte EV ECC CA 2018,OU=www.digicert.com,O=DigiCert Inc,C=US",+      "subjectDN": "MF8xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xHjAcBgNVBAMTFVRoYXd0ZSBFViBFQ0MgQ0EgMjAxOA==",+      "whitelist": false,+      "attachment": {+        "hash": "029e038309e109b338a8e5d3d4e6300803b81c7d7d64ed413d523864ea9f6f9d",+        "size": 1390,+        "filename": "sHnhNNcEZAQ0U5qyqTUj5LjSA8SG8NfF7zS_jwKtxLc=.pem",+        "location": "security-state-staging/intermediates/6c018133-a6a4-4913-a016-38a7d1ab820a.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "sHnhNNcEZAQ0U5qyqTUj5LjSA8SG8NfF7zS/jwKtxLc=",+      "crlite_enrolled": true,+      "id": "2032121f-569e-449d-8b03-3e918762323e",+      "last_modified": 1647406641946+    },+    {+      "schema": 1647406129472,+      "derHash": "vzVY+HfonSfapg2pZxZ2Vw376yFdhKxaNxItZ3a3j24=",+      "subject": "CN=GeoTrust EV ECC CA 2018,OU=www.digicert.com,O=DigiCert Inc,C=US",+      "subjectDN": "MGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0dlb1RydXN0IEVWIEVDQyBDQSAyMDE4",+      "whitelist": false,+      "attachment": {+        "hash": "76fd10b988ddc4d10ef675e1353505739b36be3396db70baccebfc087010c5f1",+        "size": 1390,+        "filename": "KZiLkK8HMbpxJlPzQa3CEz5YMCWvdd0o1cov4_NrxCA=.pem",+        "location": "security-state-staging/intermediates/0f71a53f-9fe4-41e8-bc4d-6053d563e69f.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "KZiLkK8HMbpxJlPzQa3CEz5YMCWvdd0o1cov4/NrxCA=",+      "crlite_enrolled": true,+      "id": "d0f17c7c-e4ae-4815-966e-de2dfd1be49e",+      "last_modified": 1647406641936+    },+    {+      "schema": 1647406127564,+      "derHash": "Go15Cvmys0191q9htapM8TgLhglcusK8qzW9Vm0BgMM=",+      "subject": "CN=Secure Site Extended Validation CA,OU=www.digicert.com,O=DigiCert Inc,C=US",+      "subjectDN": "MGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNVBAMTIlNlY3VyZSBTaXRlIEV4dGVuZGVkIFZhbGlkYXRpb24gQ0E=",+      "whitelist": false,+      "attachment": {+        "hash": "8c560a22b1260bcb7f9b8c62c6d191f6064d6125f0146ef483820a79ada1e21a",+        "size": 1687,+        "filename": "GQ1NxZwFxMspL6F7W34V3JpBp8emVEoKYr5gy_rpnLc=.pem",+        "location": "security-state-staging/intermediates/6bf4e11e-3aa2-4af0-a5f5-ac98a4454b33.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "GQ1NxZwFxMspL6F7W34V3JpBp8emVEoKYr5gy/rpnLc=",+      "crlite_enrolled": true,+      "id": "9ad85c01-2205-4529-a221-9f9977a9a3d0",+      "last_modified": 1647406641924+    },+    {+      "schema": 1647406129298,+      "derHash": "k1abJqpTXj4HyJHGvS+p3Ak5wk20s3Jq2FMe2xfEl8o=",+      "subject": "CN=Thawte EV RSA CA 2018,OU=www.digicert.com,O=DigiCert Inc,C=US",+      "subjectDN": "MF8xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xHjAcBgNVBAMTFVRoYXd0ZSBFViBSU0EgQ0EgMjAxOA==",+      "whitelist": false,+      "attachment": {+        "hash": "aa41f2f1317c4207a1ce000f100f89792938ebbd08ccc7367391461f45499ac8",+        "size": 1662,+        "filename": "LrLVqGD-UOnCQjaFUpgBUORdtTIaWwBeJtZ2JTpAm_U=.pem",+        "location": "security-state-staging/intermediates/d6fae8ae-c5f1-47b9-82bc-084bf846e9fe.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "LrLVqGD+UOnCQjaFUpgBUORdtTIaWwBeJtZ2JTpAm/U=",+      "crlite_enrolled": true,+      "id": "62d8fb8a-2660-4ea7-991d-107ab02539e5",+      "last_modified": 1647406641913+    },+    {+      "schema": 1647406127050,+      "derHash": "roIgH1ZeBDm39K1okydZTrl0pPeBsabL/tWb04IxfxM=",+      "subject": "CN=Thawte TLS ECC CA G1,OU=www.digicert.com,O=DigiCert Inc,C=US",+      "subjectDN": "MF4xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xHTAbBgNVBAMTFFRoYXd0ZSBUTFMgRUNDIENBIEcx",+      "whitelist": false,+      "attachment": {+        "hash": "add9d8816c4153cd678d313dec7135ed32f3b5d71e1c1b6f73bf061cd4162394",+        "size": 1142,+        "filename": "Z2FuypjaQ1wWJ4YxsCzQZPBTleqi8I6cEO-bYvpiEQI=.pem",+        "location": "security-state-staging/intermediates/f2a22335-497e-40e7-830a-378eeea47a5b.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "Z2FuypjaQ1wWJ4YxsCzQZPBTleqi8I6cEO+bYvpiEQI=",+      "crlite_enrolled": true,+      "id": "e4a64544-b0f8-45bd-9a58-20355ebc5549",+      "last_modified": 1647406641902+    },+    {+      "schema": 1647406126704,+      "derHash": "sU1QiQecHY92SduaXTzvsarAb2avxJIlxb4qoZ/UGjU=",+      "subject": "CN=Entrust Certification Authority - L1N,OU=See www.entrust.net/legal-terms+OU=(c) 2014 Entrust\\, Inc. - for authorized use only,O=Entrust\\, Inc.,C=US",+      "subjectDN": "MIG6MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMTQgRW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVzZSBvbmx5MS4wLAYDVQQDEyVFbnRydXN0IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gTDFO",+      "whitelist": false,+      "attachment": {+        "hash": "2a107eb8056c22e82435858002ab7da59ecfe298d1cafd19ef86a74343e7a1bb",+        "size": 2207,+        "filename": "vJyqpf--OgJrh0WkGBWAggmVgZ5-o9t2KvyRdPxvIhs=.pem",+        "location": "security-state-staging/intermediates/119f868d-4224-48fa-aca4-4e950d595c12.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "vJyqpf++OgJrh0WkGBWAggmVgZ5+o9t2KvyRdPxvIhs=",+      "crlite_enrolled": true,+      "id": "b03bf780-0b68-4f48-9034-834ec2d038db",+      "last_modified": 1647406641891+    },+    {+      "schema": 1647355730713,+      "derHash": "w4BN5R6MFwUiIK4crT04PlTVt9wohDxC8NvZkTwehlg=",+      "subject": "CN=Secure Site Pro Extended Validation ECC CA,OU=www.digicert.com,O=DigiCert Inc,C=US",+      "subjectDN": "MHQxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xMzAxBgNVBAMTKlNlY3VyZSBTaXRlIFBybyBFeHRlbmRlZCBWYWxpZGF0aW9uIEVDQyBDQQ==",+      "whitelist": false,+      "attachment": {+        "hash": "0888b26cf00bcea2525da774e654b5c2ea18871782615c5140d3fb8b3541ab28",+        "size": 1463,+        "filename": "_Nqzn2CbpC436KXdkcnLpL18IA4yR1xWHjRW06xB_j8=.pem",+        "location": "security-state-staging/intermediates/8d999ad8-e345-4822-9bab-90e25accc007.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "/Nqzn2CbpC436KXdkcnLpL18IA4yR1xWHjRW06xB/j8=",+      "crlite_enrolled": false,+      "id": "7044462a-7235-4d46-9816-525da44a50c7",+      "last_modified": 1647376760212+    },+    {+      "schema": 1647355729782,+      "derHash": "vRk8R15OZ5OL7zQSK5i1WKKILn7ZQ2mmywETIO8VYjw=",+      "subject": "CN=AlwaysOnSSL TLS ECC CA G1,OU=Domain Validated SSL,O=CertCenter AG,C=DE",+      "subjectDN": "MGgxCzAJBgNVBAYTAkRFMRYwFAYDVQQKEw1DZXJ0Q2VudGVyIEFHMR0wGwYDVQQLExREb21haW4gVmFsaWRhdGVkIFNTTDEiMCAGA1UEAxMZQWx3YXlzT25TU0wgVExTIEVDQyBDQSBHMQ==",+      "whitelist": false,+      "attachment": {+        "hash": "499064f03f4574c2c427e17330ae382a5058acecff6c7f5b7cbdc36b9933961b",+        "size": 1175,+        "filename": "0W9t3LKpNLN0CxCis6AJXuaxxouX1FIp8IEuXgow59U=.pem",+        "location": "security-state-staging/intermediates/f68d6d6e-b755-46b8-bb2c-3cd51783d68f.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "0W9t3LKpNLN0CxCis6AJXuaxxouX1FIp8IEuXgow59U=",+      "crlite_enrolled": false,+      "id": "484a309f-c38f-4673-b797-7cb431b40f5e",+      "last_modified": 1647376760204+    },+    {+      "schema": 1647355728800,+      "derHash": "qK0cJcxYCyEx/Mb8bWUTdG846pm9FiyBtcU5NJUXWxg=",+      "subject": "CN=STRATO TLS RSA CA,OU=Domain Validated SSL,O=STRATO AG,C=DE",+      "subjectDN": "MFwxCzAJBgNVBAYTAkRFMRIwEAYDVQQKEwlTVFJBVE8gQUcxHTAbBgNVBAsTFERvbWFpbiBWYWxpZGF0ZWQgU1NMMRowGAYDVQQDExFTVFJBVE8gVExTIFJTQSBDQQ==",+      "whitelist": false,+      "attachment": {+        "hash": "d4b8e211872849d13a1e260cdc06a24464432a0fa7627e3f666d44abf76f5a34",+        "size": 1654,+        "filename": "_MWDzTF0gP61A7lqJx1MUWKutcFHBAsAnAXlMwxjhKA=.pem",+        "location": "security-state-staging/intermediates/1930fc08-5dc1-4765-b773-cc763308de9b.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "/MWDzTF0gP61A7lqJx1MUWKutcFHBAsAnAXlMwxjhKA=",+      "crlite_enrolled": false,+      "id": "8fb8c000-9fe8-49dd-9c15-ac4bfdac08fb",+      "last_modified": 1647376760195+    },+    {+      "schema": 1647355727754,+      "derHash": "A2oY9fDrndXuAreFTfXDOEVgHYk5z7e2B/adFCwB2Qk=",+      "subject": "CN=TrustAsia TLS RSA CA G8,OU=Domain Validated SSL,O=TrustAsia Technologies\\, Inc.,C=CN",+      "subjectDN": "MHUxCzAJBgNVBAYTAkNOMSUwIwYDVQQKExxUcnVzdEFzaWEgVGVjaG5vbG9naWVzLCBJbmMuMR0wGwYDVQQLExREb21haW4gVmFsaWRhdGVkIFNTTDEgMB4GA1UEAxMXVHJ1c3RBc2lhIFRMUyBSU0EgQ0EgRzg=",+      "whitelist": false,+      "attachment": {+        "hash": "cbb7a86cf96f690954bcd21bb8c71a00ef436ee942cd65831bf21c11cbc25909",+        "size": 1687,+        "filename": "rnv8EixdQFjoJF2hhedxVmsIlmFhW2jkp1llCWfHEvw=.pem",+        "location": "security-state-staging/intermediates/350bd8d3-2749-4c3e-a988-02288c0e6441.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "rnv8EixdQFjoJF2hhedxVmsIlmFhW2jkp1llCWfHEvw=",+      "crlite_enrolled": false,+      "id": "d4d9e729-0cc2-44c4-8964-b32181486d06",+      "last_modified": 1647376760186+    },+    {+      "schema": 1647355724829,+      "derHash": "MZiW45VNUQ2jpLdTh+jIcLO8LDIo2FUJFuvpq9y3+SE=",+      "subject": "CN=Oracle TLS RSA CA G1,OU=Organization Validated SSL,O=Oracle Corporation,C=US",+      "subjectDN": "MG4xCzAJBgNVBAYTAlVTMRswGQYDVQQKExJPcmFjbGUgQ29ycG9yYXRpb24xIzAhBgNVBAsTGk9yZ2FuaXphdGlvbiBWYWxpZGF0ZWQgU1NMMR0wGwYDVQQDExRPcmFjbGUgVExTIFJTQSBDQSBHMQ==",+      "whitelist": false,+      "attachment": {+        "hash": "450ac021db301c37c528daccbe40e94f74a28f7ae6f6ba039650b6aae3c3d13e",+        "size": 1678,+        "filename": "92UUNzSFrSZZ2mG20rm7eFX2MV_e3zCq8ck0jTA9zMw=.pem",+        "location": "security-state-staging/intermediates/393f3a10-429e-4ce1-845e-2beac5162af1.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "92UUNzSFrSZZ2mG20rm7eFX2MV/e3zCq8ck0jTA9zMw=",+      "crlite_enrolled": false,+      "id": "66444cbb-0d77-4545-aeac-9f96adedc3a3",+      "last_modified": 1647376760160+    },+    {+      "schema": 1647355722905,+      "derHash": "KkG6gZ62Elr1y0uLDp6VTs55jCp+5D3Nr305WYfE1VI=",+      "subject": "CN=AlwaysOnSSL TLS RSA CA G1,OU=Domain Validated SSL,O=CertCenter AG,C=DE",+      "subjectDN": "MGgxCzAJBgNVBAYTAkRFMRYwFAYDVQQKEw1DZXJ0Q2VudGVyIEFHMR0wGwYDVQQLExREb21haW4gVmFsaWRhdGVkIFNTTDEiMCAGA1UEAxMZQWx3YXlzT25TU0wgVExTIFJTQSBDQSBHMQ==",+      "whitelist": false,+      "attachment": {+        "hash": "60ae06b06554f13d49fcd4ab75f5917d8c57dc17bd11f157428e11c66db10d22",+        "size": 1670,+        "filename": "DOdL2thyQw2ljWo5qhqUbm1_3EZBtYXxLKw14G9PO30=.pem",+        "location": "security-state-staging/intermediates/236d592d-f7d5-465e-984d-3511d1792286.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "DOdL2thyQw2ljWo5qhqUbm1/3EZBtYXxLKw14G9PO30=",+      "crlite_enrolled": false,+      "id": "008c16c8-e2f9-4205-b90d-97ce5e46862c",+      "last_modified": 1647376760143+    },+    {+      "schema": 1647355720132,+      "derHash": "sayM+xgbnJNU4Xdfy9/P54mMXMmhfXYxW1fBEu7lUjQ=",+      "subject": "CN=Encryption Everywhere DV TLS CA - G2,OU=www.digicert.com,O=DigiCert Inc,C=US",+      "subjectDN": "MG4xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xLTArBgNVBAMTJEVuY3J5cHRpb24gRXZlcnl3aGVyZSBEViBUTFMgQ0EgLSBHMg==",+      "whitelist": false,+      "attachment": {+        "hash": "c75d6fc5179d7bb7baea5ffe48d9fda3810fdcb1340a3ca83e1e7b97a4af6478",+        "size": 1678,+        "filename": "gxeKFFaZ2HFJIsTdTjEl6nVo3ckTCX-qzRMqb9Xoa1w=.pem",+        "location": "security-state-staging/intermediates/de3a4a27-9c47-4b4a-978f-e8d3aadc9b3d.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "gxeKFFaZ2HFJIsTdTjEl6nVo3ckTCX+qzRMqb9Xoa1w=",+      "crlite_enrolled": false,+      "id": "6e35ba55-d2c3-4701-8e11-9d023cee4140",+      "last_modified": 1647376760114+    },+    {+      "schema": 1647355719183,+      "derHash": "9/veuCvpnUHNykGfyRhZ0+UobAdiBODpA9Z4uyE+2Js=",+      "subject": "CN=Hostpoint TLS RSA CA,OU=Domain Validated SSL,O=Hostpoint AG,C=CH",+      "subjectDN": "MGIxCzAJBgNVBAYTAkNIMRUwEwYDVQQKEwxIb3N0cG9pbnQgQUcxHTAbBgNVBAsTFERvbWFpbiBWYWxpZGF0ZWQgU1NMMR0wGwYDVQQDExRIb3N0cG9pbnQgVExTIFJTQSBDQQ==",+      "whitelist": false,+      "attachment": {+        "hash": "e06a612c20a2679cb1522f8e77265194fd2509fa105e19f74503f5f6e26acc68",+        "size": 1662,+        "filename": "Q5l5uNBWZnOf3EnCFMK3ciNhPZboa_YPtUtL6yZ_DvU=.pem",+        "location": "security-state-staging/intermediates/699e988e-5291-4075-86bd-3e5b69bb9553.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "Q5l5uNBWZnOf3EnCFMK3ciNhPZboa/YPtUtL6yZ/DvU=",+      "crlite_enrolled": false,+      "id": "d685f4b6-0528-48c0-95fe-4fa3050ce971",+      "last_modified": 1647376760106+    },+    {+      "schema": 1647355715297,+      "derHash": "h38kznD0owR+TqcL7BvDG+m2Uzrf86OT/5v7PIEClEY=",+      "subject": "CN=TrustAsia TLS ECC CA G9,OU=Domain Validated SSL,O=TrustAsia Technologies\\, Inc.,C=CN",+      "subjectDN": "MHUxCzAJBgNVBAYTAkNOMSUwIwYDVQQKExxUcnVzdEFzaWEgVGVjaG5vbG9naWVzLCBJbmMuMR0wGwYDVQQLExREb21haW4gVmFsaWRhdGVkIFNTTDEgMB4GA1UEAxMXVHJ1c3RBc2lhIFRMUyBFQ0MgQ0EgRzk=",+      "whitelist": false,+      "attachment": {+        "hash": "619365f9c59d0f0dcfcb64ba525d68621f75fadebe181e15429e3dc854262b7c",+        "size": 1191,+        "filename": "z_Y0aMrBs7J0RBthUJnRbIqFivDK0vBrLe1Q3OF0GjQ=.pem",+        "location": "security-state-staging/intermediates/42a61717-4f98-46d0-b662-78febf5ba323.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "z/Y0aMrBs7J0RBthUJnRbIqFivDK0vBrLe1Q3OF0GjQ=",+      "crlite_enrolled": false,+      "id": "50846adc-e121-40f2-b176-43cc90696068",+      "last_modified": 1647376760070+    },+    {+      "schema": 1647046118886,+      "derHash": "AgcFbRcsgL37bcRb6eWAiEYHjR5u7xtu1wJZqzMqZME=",+      "subject": "CN=Cybertrust Japan SureServer CA G4,O=Cybertrust Japan Co.\\, Ltd.,C=JP",+      "subjectDN": "MF4xCzAJBgNVBAYTAkpQMSMwIQYDVQQKExpDeWJlcnRydXN0IEphcGFuIENvLiwgTHRkLjEqMCgGA1UEAxMhQ3liZXJ0cnVzdCBKYXBhbiBTdXJlU2VydmVyIENBIEc0",+      "whitelist": false,+      "attachment": {+        "hash": "d14576fded8dc8bc2c5e4595b2e25160155f8f967c80541b129ff564174309bd",+        "size": 1768,+        "filename": "rS4Ex7fMz9dQhgdB6qjxP-jJJQwjIeb-7RhvvdO6xy8=.pem",+        "location": "security-state-staging/intermediates/b6d9843d-8dea-45b8-acba-752b6481c4e7.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "rS4Ex7fMz9dQhgdB6qjxP+jJJQwjIeb+7RhvvdO6xy8=",+      "crlite_enrolled": true,+      "id": "354eb83b-1260-4775-bce0-910a0a18ed75",+      "last_modified": 1647053840421+    },+    {+      "schema": 1647046119053,+      "derHash": "/s6a2nqknU/qnv8SNUIJWogMAE/Wkz+TZLArLjV06jg=",+      "subject": "CN=Cybertrust Japan SureServer EV CA G3,O=Cybertrust Japan Co.\\, Ltd.,C=JP",+      "subjectDN": "MGExCzAJBgNVBAYTAkpQMSMwIQYDVQQKExpDeWJlcnRydXN0IEphcGFuIENvLiwgTHRkLjEtMCsGA1UEAxMkQ3liZXJ0cnVzdCBKYXBhbiBTdXJlU2VydmVyIEVWIENBIEcz",+      "whitelist": false,+      "attachment": {+        "hash": "442ad2ef3f029c8ae0616647479fbe53d99e0e9ed017c893d2b5952cbf146f8f",+        "size": 1772,+        "filename": "zJoepoy-7XeJoRmjbR7_i8oZ1WEujOKGTD9NNM0uWHM=.pem",+        "location": "security-state-staging/intermediates/c3ae4321-0501-4974-bae5-2038e257036c.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "zJoepoy+7XeJoRmjbR7/i8oZ1WEujOKGTD9NNM0uWHM=",+      "crlite_enrolled": true,+      "id": "477f5a61-5c31-42a4-89b0-4e49b54028ef",+      "last_modified": 1647053840410+    },+    {+      "schema": 1647046118470,+      "derHash": "f9KDd8h8iY6QlMk+oAvxB6vhHbgLPYXitKZiaXaBI1s=",+      "subject": "CN=E-Tugra TLS RSA SubCA R1,O=E-TUGRA EBG BILISIM TEKNOLOJILERI VE HIZMETLERI ANONIM SIRKETI,C=TR",+      "subjectDN": "MHkxCzAJBgNVBAYTAlRSMUcwRQYDVQQKDD5FLVRVR1JBIEVCRyBCSUxJU0lNIFRFS05PTE9KSUxFUkkgVkUgSElaTUVUTEVSSSBBTk9OSU0gU0lSS0VUSTEhMB8GA1UEAwwYRS1UdWdyYSBUTFMgUlNBIFN1YkNBIFIx",+      "whitelist": false,+      "attachment": {+        "hash": "2dac60312de5300958bd47f4cf65799e062b7861212409e3dfab3972ca44134d",+        "size": 2414,+        "filename": "RT5Ru4yVpA814R-GLXv9mePZqXwAfupz-ZXLpFuW_-M=.pem",+        "location": "security-state-staging/intermediates/72424459-dd4e-4ca8-a116-1dcd4011b79b.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "RT5Ru4yVpA814R+GLXv9mePZqXwAfupz+ZXLpFuW/+M=",+      "crlite_enrolled": true,+      "id": "ac0d3d15-c0f0-49ea-be15-8fe48af92b99",+      "last_modified": 1647053840399+    },+    {+      "schema": 1646967480864,+      "derHash": "fvP4lFbOY2VXsgxd+zf5jCU6C2YNLp5eeEXK+cA4x8E=",+      "subject": "CN=SHECA EV Server CA G3,O=UniTrust,C=CN",+      "subjectDN": "MEAxCzAJBgNVBAYTAkNOMREwDwYDVQQKDAhVbmlUcnVzdDEeMBwGA1UEAwwVU0hFQ0EgRVYgU2VydmVyIENBIEcz",+      "whitelist": false,+      "attachment": {+        "hash": "b11897cb46ef64d1a0bce0acb7e1da9d5d9319cb8cb0a1441d46af6510bd2188",+        "size": 2003,+        "filename": "a_eZydK7TPcC6VQUFv_ek8Goclpip8HIQF3iyBC1v9Y=.pem",+        "location": "security-state-staging/intermediates/9a95e108-34b7-4a4a-9fd4-65e6fe531f0f.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "a/eZydK7TPcC6VQUFv/ek8Goclpip8HIQF3iyBC1v9Y=",+      "crlite_enrolled": true,+      "id": "0cbd2855-9acf-477f-a083-016847b4753a",+      "last_modified": 1647053840388+    },+    {+      "schema": 1646966924057,+      "derHash": "AYGythcxeVYudWMjRAN8pSMBhhin9xaCaaPrhTZ/91w=",+      "subject": "CN=DigiCert Assured ID Grid TLS RSA2048 SHA256 2022 CA1,O=DigiCert\\, Inc.,C=US",+      "subjectDN": "MGUxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjE9MDsGA1UEAxM0RGlnaUNlcnQgQXNzdXJlZCBJRCBHcmlkIFRMUyBSU0EyMDQ4IFNIQTI1NiAyMDIyIENBMQ==",+      "whitelist": false,+      "attachment": {+        "hash": "7f8f0eacf04c02686bfe08a2ccff1727606d8cbdee3d30408f7ee475b68600a3",+        "size": 1804,+        "filename": "_SfSGxeP1MQb2mpICOc8KzfYSH77KMzIMbCgylDKpPc=.pem",+        "location": "security-state-staging/intermediates/4e91bcaa-5473-4b40-8c61-3bb878424076.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "/SfSGxeP1MQb2mpICOc8KzfYSH77KMzIMbCgylDKpPc=",+      "crlite_enrolled": false,+      "id": "a5acb099-b5f7-485c-a851-34cf19a7efc6",+      "last_modified": 1646967480339+    },+    {+      "schema": 1646751472958,+      "derHash": "G095TXcNxuBdx6QVhFD4JZVy621Z3mZ6PD++CNoBJIE=",+      "subject": "CN=Global Trust CA - OV (RSA),O=Global Digital Inc.,C=TW",+      "subjectDN": "MFAxCzAJBgNVBAYTAlRXMRwwGgYDVQQKExNHbG9iYWwgRGlnaXRhbCBJbmMuMSMwIQYDVQQDExpHbG9iYWwgVHJ1c3QgQ0EgLSBPViAoUlNBKQ==",+      "whitelist": false,+      "attachment": {+        "hash": "136048afa3b294583ccc15f0a0a6102dcca6cc9bf7d5c19811460c54c4e79fce",+        "size": 2089,+        "filename": "K6VGZ_ktzZYufpj5GSQX1fCds5dLtjs5vlSRcV-Oe8U=.pem",+        "location": "security-state-staging/intermediates/002c6e58-6238-435b-9b0d-7b0691d17ed4.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "K6VGZ/ktzZYufpj5GSQX1fCds5dLtjs5vlSRcV+Oe8U=",+      "crlite_enrolled": false,+      "id": "d6d94677-fd6d-4901-bbae-6817f8abcd97",+      "last_modified": 1646881071888+    },+    {+      "schema": 1646449055023,+      "derHash": "YO9BLqvnw/xjme7RtjO3d3R1FbKdchuWPdJYvEmKspI=",+      "subject": "CN=SSL.com EV Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US",+      "subjectDN": "MH8xCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMTQwMgYDVQQDDCtTU0wuY29tIEVWIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgRUND",+      "whitelist": false,+      "attachment": {+        "hash": "ab3dfad3dda55fb2c174fabf92fc81f2757e57a915b1f78f5483d12dfaf50f76",+        "size": 1821,+        "filename": "NIdnza073SiyuN1TUa7DDGjOxc1p0nbfOCfbxPWAZGQ=.pem",+        "location": "security-state-staging/intermediates/734df71e-5087-4844-aa75-47d2809181f8.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "NIdnza073SiyuN1TUa7DDGjOxc1p0nbfOCfbxPWAZGQ=",+      "crlite_enrolled": false,+      "id": "b512360d-9f2f-4206-97ac-09aa8d521233",+      "last_modified": 1646513861708+    },+    {+      "schema": 1646513357696,+      "derHash": "rPcY34OOZABRd30ZR/UWIOjYBLoYZVOuUvyYEbXTS4s=",+      "subject": "CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US",+      "subjectDN": "MHwxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMTEwLwYDVQQDDChTU0wuY29tIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUlNB",+      "whitelist": false,+      "attachment": {+        "hash": "0be6061408140698708a3d3cb24d39ad6416effde544c39b9e52f40a1b6fe9cf",+        "size": 2085,+        "filename": "0cRTd-vc1hjNFlHcLgLCHXUeWqn80bNDH_bs9qMTSPo=.pem",+        "location": "security-state-staging/intermediates/a9cbcbd0-800f-442e-8f52-903325a5ee23.pem",+        "mimetype": "application/x-pem-file"+      },+      "pubKeyHash": "0cRTd+vc1hjNFlHcLgLCHXUeWqn80bNDH/bs9qMTSPo=",+      "crlite_enrolled": false,+      "id": "60def2d8-d623-4952-91b9-30913d09f7b4",+      "last_modified": 1646513861696+    },+    {+      "schema": 1646513358832,+      "derHash": "BrlyKmmcV9/xhp9DC0ebtutJquEYTqycUyXBM0o06kw=",+      "subject": "CN=SSL.com Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US",+      "subjectDN": "MHwxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMTEwLwYDVQQDDChTU0wuY29tIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgRUND",

Based on the provided diff, this appears to be an update to the intermediate certificate authorities list in Firefox. The diff shows numerous additions of new intermediate certificates, but I don't see any security vulnerabilities being fixed - it's just an update to the certificate store.

Here's the analysis:

Vulnerability Existed: no
[No security vulnerability found] [services/settings/dumps/security-state/intermediates.json] [All lines]
[Old Code] - Empty certificate list
[Fixed Code] - Added numerous intermediate certificates

The changes consist entirely of adding new intermediate CA certificates to Firefox's trusted store. There are no code changes that would indicate security fixes - just additions to the certificate list.

Some observations:
1. The diff shows adding 100+ new intermediate certificates from various CAs worldwide
2. Many certificates are marked with crlite_enrolled=false, meaning they're not yet enrolled in CRLite (Firefox's certificate revocation system)
3. No certificates appear to be removed or modified - only additions
4. The changes follow standard certificate list update patterns

This appears to be a routine update to Firefox's certificate store rather than a security fix.

If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.

--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/build/clang-plugin/CanRunScriptChecker.cpp+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/build/clang-plugin/CanRunScriptChecker.cpp@@ -84,7 +84,9 @@   auto KnownLiveMemberOfParam =       memberExpr(hasKnownLiveAnnotation(),-                 hasObjectExpression(ignoreTrivials(KnownLiveParam)));+                 hasObjectExpression(anyOf(+                     ignoreTrivials(KnownLiveParam),+                     declRefExpr(to(varDecl(hasAutomaticStorageDuration()))))));   // A matcher that matches various things that are known to be live directly,   // without making any assumptions about operators.@@ -111,11 +113,17 @@       // example).  For purposes of this analysis we are assuming the method       // calls on smart ptrs all just return the pointer inside,       cxxMemberCallExpr(-          on(allOf(hasType(isSmartPtrToRefCounted()), KnownLiveBase))),+          on(anyOf(allOf(hasType(isSmartPtrToRefCounted()), KnownLiveBase),+                   // Allow it if calling a member method which is marked as+                   // MOZ_KNOWN_LIVE+                   KnownLiveMemberOfParam))),       // operator* or operator-> on a thing that is already known to be live.-      cxxOperatorCallExpr(anyOf(hasOverloadedOperatorName("*"),-                                hasOverloadedOperatorName("->")),-                          hasAnyArgument(KnownLiveBase), argumentCountIs(1)),+      cxxOperatorCallExpr(+          anyOf(hasOverloadedOperatorName("*"),+                hasOverloadedOperatorName("->")),+          hasAnyArgument(+              anyOf(KnownLiveBase, ignoreTrivials(KnownLiveMemberOfParam))),+          argumentCountIs(1)),       // A dereference on a thing that is known to be live.  This is _not_       // caught by the "operator* or operator->" clause above, because       // cxxOperatorCallExpr() only catches cases when a class defines@@ -244,6 +252,21 @@       return;   } else {     Func = Result.Nodes.getNodeAs<FunctionDecl>("canRunScriptFunction");++    const char *ErrorAttrInDefinition =+        "MOZ_CAN_RUN_SCRIPT must be put in front "+        "of the declaration, not the definition";+    const char *NoteAttrInDefinition = "The first declaration exists here";+    if (!Func->isFirstDecl() &&+        !hasCustomAttribute<moz_can_run_script_for_definition>(Func)) {+      const FunctionDecl *FirstDecl = Func->getFirstDecl();+      if (!hasCustomAttribute<moz_can_run_script>(FirstDecl)) {+        Checker.diag(Func->getLocation(), ErrorAttrInDefinition,+                     DiagnosticIDs::Error);+        Checker.diag(FirstDecl->getLocation(), NoteAttrInDefinition,+                     DiagnosticIDs::Note);+      }+    }   }   CanRunScriptFuncs.insert(Func);

Here's the security analysis following the specified format:

1. Vulnerability Existed: not sure
[Potential Incorrect Smart Pointer Handling] [build/clang-plugin/CanRunScriptChecker.cpp] [Lines 84-86, 111-117, 123-125]
[Old Code]
auto KnownLiveMemberOfParam =
    memberExpr(hasKnownLiveAnnotation(),
               hasObjectExpression(ignoreTrivials(KnownLiveParam)));

cxxMemberCallExpr(
    on(allOf(hasType(isSmartPtrToRefCounted()), KnownLiveBase))),
cxxOperatorCallExpr(anyOf(hasOverloadedOperatorName("*"),
                      hasOverloadedOperatorName("->")),
                    hasAnyArgument(KnownLiveBase), argumentCountIs(1)),

[Fixed Code]
auto KnownLiveMemberOfParam =
    memberExpr(hasKnownLiveAnnotation(),
               hasObjectExpression(anyOf(
                   ignoreTrivials(KnownLiveParam),
                   declRefExpr(to(varDecl(hasAutomaticStorageDuration()))))));

cxxMemberCallExpr(
    on(anyOf(allOf(hasType(isSmartPtrToRefCounted()), KnownLiveBase),
             KnownLiveMemberOfParam))),
cxxOperatorCallExpr(
    anyOf(hasOverloadedOperatorName("*"),
          hasOverloadedOperatorName("->")),
    hasAnyArgument(
        anyOf(KnownLiveBase, ignoreTrivials(KnownLiveMemberOfParam))),
    argumentCountIs(1)),

2. Vulnerability Existed: yes
[Missing MOZ_CAN_RUN_SCRIPT Attribute Validation] [build/clang-plugin/CanRunScriptChecker.cpp] [Lines 244-252]
[Old Code]
} else {
  Func = Result.Nodes.getNodeAs<FunctionDecl>("canRunScriptFunction");
}

[Fixed Code]
} else {
  Func = Result.Nodes.getNodeAs<FunctionDecl>("canRunScriptFunction");

  const char *ErrorAttrInDefinition =
      "MOZ_CAN_RUN_SCRIPT must be put in front "
      "of the declaration, not the definition";
  const char *NoteAttrInDefinition = "The first declaration exists here";
  if (!Func->isFirstDecl() &&
      !hasCustomAttribute<moz_can_run_script_for_definition>(Func)) {
    const FunctionDecl *FirstDecl = Func->getFirstDecl();
    if (!hasCustomAttribute<moz_can_run_script>(FirstDecl)) {
      Checker.diag(Func->getLocation(), ErrorAttrInDefinition,
                   DiagnosticIDs::Error);
      Checker.diag(FirstDecl->getLocation(), NoteAttrInDefinition,
                   DiagnosticIDs::Note);
    }
  }
}

The first change appears to be improving smart pointer handling and member access validation, but it's not clear if this was fixing a specific vulnerability or just improving robustness. The second change clearly addresses a potential security issue by enforcing proper placement of the MOZ_CAN_RUN_SCRIPT attribute, which is important for security-sensitive function marking in Firefox.

If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.

--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/css/css-pseudo/first-letter-004.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/css/css-pseudo/first-letter-004.html@@ -6,7 +6,6 @@     <link rel="author" title="Chris Nardi" href="mailto:[email protected]">     <link rel="match" href="first-letter-004-ref.html">     <link rel="help" href="https://drafts.csswg.org/css-pseudo-4/#first-letter-pseudo">-    <meta name="flags" content="">     <meta name="assert" content="Test checks that punctuation and letters with combining characters still have proper ::first-letter styling.">     <style>         div {

Based on the provided code diff, I'll analyze it for security vulnerabilities:

1. Vulnerability Existed: no
   No specific vulnerability found [File] testing/web-platform/tests/css/css-pseudo/first-letter-004.html [Lines] 6
   [Old Code]
   <meta name="flags" content="">
   [Fixed Code]
   (line removed)

Additional Details:
- The change simply removes an empty meta tag for "flags" which doesn't appear to have any security implications
- This looks like a test file cleanup rather than a security fix
- No known vulnerability patterns are present in this change
- The modification doesn't affect any security-sensitive functionality

The diff shows only a minor HTML cleanup change with no apparent security impact. The removed meta tag was empty and likely unused in the test context.

If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.

--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/browser/themes/shared/customizableui/panelUI.inc.css+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/browser/themes/shared/customizableui/panelUI.inc.css@@ -4,29 +4,14 @@ %filter substitution-%define menuPanelWidth 22.35em-%define wideMenuPanelWidth 29em-%define standaloneSubviewWidth 30em-%define buttonStateHoverOrFocus :not([disabled],[open],:active):is(:hover,:focus-visible) %define buttonStateHover :not([disabled],[open],:active):is(:hover)-%define buttonStateFocus :not([disabled],[open],:active):focus-visible %define menuStateHover :not([disabled],:active)[_moz-menuactive] %define buttonStateActive :not([disabled]):is([open],:hover:active) %define menuStateActive :not([disabled])[_moz-menuactive]:active %define menuStateMenuActive :not([disabled])[_moz-menuactive] %define inAnyPanel :is(:not([cui-areatype="toolbar"]), [overflowedItem=true])-%define panelPaletteIconSize 16px--%define appmenuWarningBackgroundColor #FFEFBF-%define appmenuWarningBackgroundColorHover #FFE8A2-%define appmenuWarningBackgroundColorActive #FFE38F-%define appmenuWarningColor black-%define appmenuWarningBorderColor hsl(45,100%,77%)- :root {-  --panelview-toolbarbutton-focus-box-shadow: inset 0 0 0 2px var(--focus-outline-color);-   --panel-item-hover-bgcolor: var(--button-hover-bgcolor);   --panel-item-active-bgcolor: var(--button-active-bgcolor);   --panel-banner-item-color: var(--button-color);@@ -35,6 +20,9 @@   --panel-banner-item-active-bgcolor: var(--button-active-bgcolor);   --panel-banner-item-update-supported-bgcolor: #2AC3A2;   --panel-banner-item-info-icon-bgcolor: #0090ED;++  --menu-panel-width: 22.35em;+  --menu-panel-width-wide: 29em;   --arrowpanel-menuitem-margin: 0 8px;   --arrowpanel-menuitem-padding-block: 8px;@@ -45,6 +33,8 @@   --panel-separator-margin-horizontal: 8px;   --panel-separator-margin: var(--panel-separator-margin-vertical) var(--panel-separator-margin-horizontal);   --panel-subview-body-padding: 8px 0;++  --panel-and-palette-icon-size: 16px; } :root:not(:-moz-lwtheme) {@@ -207,13 +197,17 @@   visibility: hidden; }-.panel-info-button@buttonStateHoverOrFocus@ {+.panel-info-button:hover {   background-color: var(--panel-item-hover-bgcolor); } .panel-info-button:not(:hover)[checked],-.panel-info-button@buttonStateActive@ {+.panel-info-button:hover:active {   background-color: var(--panel-item-active-bgcolor);+}++.panel-info-button:focus-visible {+  outline: var(--focus-outline); } .panel-info-button > image {@@ -231,7 +225,7 @@ } #BMB_bookmarksPopup {-  max-width: @standaloneSubviewWidth@;+  max-width: 30em; } #BMB_bookmarksPopup menupopup {@@ -384,20 +378,20 @@ } #customizationui-widget-multiview panelview:not([extension]) {-  min-width: @menuPanelWidth@;+  min-width: var(--menu-panel-width);   max-width: 35em; } #customizationui-widget-multiview #appMenu-libraryView, #pageActionPanel panelview, #widget-overflow panelview {-  min-width: @wideMenuPanelWidth@;-  max-width: @wideMenuPanelWidth@;+  min-width: var(--menu-panel-width-wide);+  max-width: var(--menu-panel-width-wide); } /* Add 2 * 16px extra width for touch mode button padding. */ #appMenu-popup[touchmode] panelview {-  min-width: calc(@menuPanelWidth@ + 32px);+  min-width: calc(var(--menu-panel-width) + 32px); } .toolbaritem-combined-buttons@inAnyPanel@ > toolbarbutton > .toolbarbutton-icon {@@ -433,8 +427,8 @@ toolbarpaletteitem[place="palette"] > toolbarbutton[constrain-size="true"] > .toolbarbutton-badge-stack > .toolbarbutton-icon, toolbarbutton[constrain-size="true"][cui-areatype="menu-panel"] > .toolbarbutton-icon, toolbarbutton[constrain-size="true"][cui-areatype="menu-panel"] > .toolbarbutton-badge-stack > .toolbarbutton-icon {-  height: @panelPaletteIconSize@;-  width: @panelPaletteIconSize@;+  height: var(--panel-and-palette-icon-size);+  width: var(--panel-and-palette-icon-size); } #customization-palette .toolbarbutton-1 {@@ -448,10 +442,10 @@ /* badge itself is positioned correctly. Here we make sure that the icon itself /* has the minimum size we want, but no padding/margin. */ .customization-palette .toolbarbutton-1 > .toolbarbutton-badge-stack > .toolbarbutton-icon {-  width: @panelPaletteIconSize@;-  height: @panelPaletteIconSize@;-  min-width: @panelPaletteIconSize@;-  min-height: @panelPaletteIconSize@;+  width: var(--panel-and-palette-icon-size);+  height: var(--panel-and-palette-icon-size);+  min-width: var(--panel-and-palette-icon-size);+  min-height: var(--panel-and-palette-icon-size);   margin: 0;   padding: 0; }@@ -474,13 +468,7 @@ } .addon-banner-item {-  background-color: @appmenuWarningBackgroundColor@;-  color: @appmenuWarningColor@;   display: flex;-  flex: 1 1 0%;-  width: calc(@menuPanelWidth@ + 30px);-  padding-inline-start: 15px;-  border-inline-start-style: none;   -moz-image-region: rect(0, 16px, 16px, 0); }@@ -554,23 +542,6 @@ /* Error states */-:root[fxastatus="login-failed"] .fxa-menu-header,-:root[fxastatus="unverified"] .fxa-menu-header {-  background-color: @appmenuWarningBackgroundColor@;-  color: @appmenuWarningColor@;-  border-block: 1px solid @appmenuWarningBorderColor@;-}--:root[fxastatus="login-failed"] .fxa-menu-header:hover,-:root[fxastatus="unverified"] .fxa-menu-header:hover {-  background-color: @appmenuWarningBackgroundColorHover@;-}--:root[fxastatus="login-failed"] .fxa-menu-header:hover:active,-:root[fxastatus="unverified"] .fxa-menu-header:hover:active {-  background-color: @appmenuWarningBackgroundColorActive@;-}- #appMenu-fxa-status2 {   display: flex; }@@ -665,8 +636,6 @@ .addon-banner-item {   flex: 1;-  padding-inline-start: 15px;-  border-inline-start-style: none;   padding-inline: 0;   width: auto; }@@ -720,10 +689,6 @@ %else   font-weight: 300; %endif-}--.fxa-menu-header {-  padding-block: 8px 4px; } #fxa-menu-header-title {@@ -992,10 +957,6 @@   -moz-box-pack: start; }-.subviewbutton:focus {-  outline: 0;-}- .subviewbutton[disabled="true"] {   color: var(--panel-disabled-color); }@@ -1055,18 +1016,24 @@   fill: currentColor; }-#appMenu-zoomReduce-button2@buttonStateHoverOrFocus@,-#appMenu-zoomReduce-button2@buttonStateActive@,-#appMenu-zoomReset-button2@buttonStateHoverOrFocus@,-#appMenu-zoomReset-button2@buttonStateActive@,-#appMenu-zoomEnlarge-button2@buttonStateHoverOrFocus@,-#appMenu-zoomEnlarge-button2@buttonStateActive@,-#appMenu-fullscreen-button2@buttonStateHoverOrFocus@,-#appMenu-fullscreen-button2@buttonStateActive@ {+#appMenu-zoom-controls2 > .subviewbutton {+  margin-inline-start: 2px;+  padding: 4px;+}++#appMenu-zoom-controls2 > .subviewbutton:is(@buttonStateHover@, @buttonStateActive@) {   color: unset;   background-color: unset;-  box-shadow: unset;- }+}++#appMenu-zoom-controls2 > .subviewbutton:focus-visible {+  outline: none;+}++#appMenu-zoom-controls2 > .subviewbutton-iconic:focus-visible > .toolbarbutton-icon,+#appMenu-zoomReset-button2:focus-visible > .toolbarbutton-text {+  outline: var(--focus-outline);+} #appMenu-zoomReduce-button2 > .toolbarbutton-icon, #appMenu-zoomEnlarge-button2 > .toolbarbutton-icon {@@ -1104,20 +1071,6 @@ #appMenu-zoomReduce-button2@buttonStateActive@ > .toolbarbutton-icon, #appMenu-zoomEnlarge-button2@buttonStateActive@ > .toolbarbutton-icon {   stroke: var(--panel-item-active-bgcolor);-}--#appMenu-zoomReset-button2@buttonStateFocus@ > .toolbarbutton-text,-#appMenu-fullscreen-button2@buttonStateFocus@ > .toolbarbutton-icon {-  box-shadow: var(--panelview-toolbarbutton-focus-box-shadow);-}-#appMenu-zoomReduce-button2@buttonStateFocus@ > .toolbarbutton-icon,-#appMenu-zoomEnlarge-button2@buttonStateFocus@ > .toolbarbutton-icon {-  outline: var(--focus-outline);-}--#appMenu-zoom-controls2 > .subviewbutton {-  margin-inline-start: 2px;-  padding: 4px 4px; } /* We don't always display: none this item, and if it has forced width (like above)@@ -1273,22 +1226,16 @@   margin-top: 6px; }-/**- * Focus uses a box-shadow because we want the stroke to be- * internal to the rect without affecting the surrounding layout. This- * seemed to be the simplest way to do that.- */-panelview .toolbarbutton-1@buttonStateFocus@,-toolbarbutton.subviewbutton@buttonStateFocus@,-.navigable.subviewbutton@buttonStateFocus@,-.widget-overflow-list .toolbarbutton-1@buttonStateFocus@,-.toolbaritem-combined-buttons@inAnyPanel@ > toolbarbutton@buttonStateFocus@ {-  box-shadow: var(--panelview-toolbarbutton-focus-box-shadow);+panelview .toolbarbutton-1:focus-visible,+toolbarbutton.subviewbutton:focus-visible,+.widget-overflow-list .toolbarbutton-1:focus-visible,+.toolbaritem-combined-buttons@inAnyPanel@ > toolbarbutton:focus-visible {+  outline: var(--focus-outline);+  outline-offset: calc(var(--focus-outline-width) * -1); } panelview .toolbarbutton-1@buttonStateHover@, toolbarbutton.subviewbutton@buttonStateHover@,-.navigable.subviewbutton@buttonStateHover@, menu.subviewbutton@menuStateHover@, #PlacesToolbar menuitem@menuStateHover@, #PlacesToolbar menu@menuStateHover@,@@ -1306,7 +1253,6 @@ panelview .toolbarbutton-1@buttonStateActive@, toolbarbutton.subviewbutton@buttonStateActive@,-.navigable.subviewbutton@buttonStateActive@, menu.subviewbutton@menuStateActive@, #PlacesToolbar menuitem@menuStateActive@, #PlacesToolbar menu@menuStateActive@,@@ -1475,7 +1421,7 @@ } .widget-overflow-list {-  width: @wideMenuPanelWidth@;+  width: var(--menu-panel-width-wide); } /* In customize mode, the overflow list is constrained by its container,@@ -1488,7 +1434,7 @@ toolbaritem[overflowedItem=true], .widget-overflow-list .toolbarbutton-1 {   width: 100%;-  max-width: @wideMenuPanelWidth@;+  max-width: var(--menu-panel-width-wide);   background-repeat: no-repeat;   background-position: 0 center; }@@ -1560,7 +1506,7 @@   border: 1px solid transparent; }-.subviewradio@buttonStateHoverOrFocus@ {+.subviewradio@buttonStateHover@ {   background-color: var(--button-hover-bgcolor); }@@ -1568,6 +1514,14 @@ .subviewradio[selected]:hover, .subviewradio@buttonStateActive@ {   background-color: var(--button-active-bgcolor);+}++radiogroup:focus-visible > .subviewradio[focused="true"] {+  outline: var(--focus-outline);+}++radiogroup:focus-visible > .subviewradio[focused="true"] > .radio-label-box {+  outline: none; } .subviewradio > .radio-check {@@ -1654,6 +1608,11 @@   background-color: var(--buttons-destructive-active-bgcolor); }+#PanelUI-panic-view-button:focus-visible {+  outline: var(--focus-outline);+  outline-offset: var(--focus-outline-offset);+}+ #PanelUI-panic-view-button > .toolbarbutton-text {   text-align: center;   text-shadow: none;@@ -1751,7 +1710,7 @@ /* What's New panel */ #customizationui-widget-multiview #PanelUI-whatsNew {-  max-width: @menuPanelWidth@;+  max-width: var(--menu-panel-width); } #protections-popup-main-header-label {@@ -1948,12 +1907,7 @@   text-decoration: underline; }-#PanelUI-whatsNew .text-link:focus {-  color: #0a84ff;-  text-decoration: underline;-}--#PanelUI-whatsNew .text-link:active {+#PanelUI-whatsNew .text-link:hover:active {   color: #0060df; }@@ -1967,9 +1921,7 @@ .PanelUI-profiler-button-link {   appearance: none;   font-size: inherit;-  cursor: pointer;   min-width: 0;-  text-decoration: underline; } .PanelUI-profiler-button-link .button-text {@@ -2056,7 +2008,7 @@ } .PanelUI-profiler-description-title {-  font-size: 16px;+  font-size: 1.3em;   font-weight: bold;   margin: 6px 15px; }@@ -2070,14 +2022,8 @@   color: #fff; }-#PanelUI-profiler-learn-more:active {+#PanelUI-profiler-learn-more:hover:active {   color: #fffc;-}--#PanelUI-profiler-learn-more:focus {-  box-shadow: 0 0 0 2px #fff, 0 0 0 6px rgba(255, 255, 255, 0.3);-  border-radius: 2px;-  text-decoration: none; } #PanelUI-profiler-presets {@@ -2086,38 +2032,24 @@ #PanelUI-profiler-content-edit-settings {   margin: 0 15px;-  color: #0046A4;-  text-decoration: none;-  font-size: 12px;-}--:root[lwt-popup-brighttext] #PanelUI-profiler-content-edit-settings {-  color: #76B1FF;-}--#PanelUI-profiler-content-edit-settings:hover,-#PanelUI-profiler-content-edit-settings:active,-#PanelUI-profiler-content-edit-settings:focus {-  text-decoration: underline;+  font-size: .9em; } .PanelUI-profiler-content-label {   font-weight: bold;-  font-size: 13px;   margin-inline: 15px;   margin-block-start: 10px; } #PanelUI-profiler-content-description {   margin: 4px 15px;-  font-size: 12px;+  font-size: .9em;   color: var(--panel-description-color); } #PanelUI-profiler-content-recording {-  padding-block: 28px;-  padding-inline: 16px;-  font-size: 16px;+  padding: 28px 16px;+  font-size: 1.3em; } .PanelUI-profiler-recording-icon {@@ -2129,46 +2061,42 @@ } .PanelUI-profiler-recording-label {-  margin-block: 9px;-  margin-inline: 13px;+  margin: 9px 13px; } .PanelUI-profiler-button {   appearance: none;-  background-color: #e0e0e1;-  border-radius: 2px;-  color: #000;+  background-color: var(--button-bgcolor);+  border-radius: 4px;+  color: var(--button-color);   padding: 8px;   margin: 0 5px;-  font-size: 13px; } .PanelUI-profiler-button:hover {-  background-color: #c9c9ca;-}--.PanelUI-profiler-button:active {-  background-color: #b1b1b1;-}--.PanelUI-profiler-button:focus {-  box-shadow:-    0 0 0 1px #0a84ff inset,-    0 0 0 1px #0a84ff,-    0 0 0 4px rgba(10, 132, 255, 0.3);+  background-color: var(--button-hover-bgcolor);+}++.PanelUI-profiler-button:hover:active {+  background-color: var(--button-active-bgcolor);+}++.PanelUI-profiler-button:focus-visible {+  outline: var(--focus-outline);+  outline-offset: var(--focus-outline-offset); } .PanelUI-profiler-button-primary {-  background-color: #0060DF;-  color: #fff;+  background-color: var(--button-primary-bgcolor);+  color: var(--button-primary-color); } .PanelUI-profiler-button-primary:hover {-  background-color: #003eaa;-}--.PanelUI-profiler-button-primary:active:hover {-  background-color: #002275;+  background-color: var(--button-primary-hover-bgcolor);+}++.PanelUI-profiler-button-primary:hover:active {+  background-color: var(--button-primary-active-bgcolor); } .PanelUI-profiler-shortcut {

Based on the provided CSS diff, I'll analyze it for potential security fixes. The changes appear to be primarily stylistic and organizational (moving from preprocessor variables to CSS custom properties), but I'll check for any security-related modifications.

1. First potential issue - Focus state handling:
    Vulnerability Existed: not sure
    Focus State Handling Vulnerability [File] browser/themes/shared/customizableui/panelUI.inc.css
    [Old Code]
    .panel-info-button@buttonStateHoverOrFocus@ {
      background-color: var(--panel-item-hover-bgcolor);
    }
    [Fixed Code]
    .panel-info-button:hover {
      background-color: var(--panel-item-hover-bgcolor);
    }
    .panel-info-button:focus-visible {
      outline: var(--focus-outline);
    }

2. Second potential issue - Zoom controls focus handling:
    Vulnerability Existed: not sure
    Focus State Handling Vulnerability [File] browser/themes/shared/customizableui/panelUI.inc.css
    [Old Code]
    #appMenu-zoomReduce-button2@buttonStateHoverOrFocus@,
    #appMenu-zoomReduce-button2@buttonStateActive@,
    #appMenu-zoomReset-button2@buttonStateHoverOrFocus@,
    #appMenu-zoomReset-button2@buttonStateActive@,
    #appMenu-zoomEnlarge-button2@buttonStateHoverOrFocus@,
    #appMenu-zoomEnlarge-button2@buttonStateActive@,
    #appMenu-fullscreen-button2@buttonStateHoverOrFocus@,
    #appMenu-fullscreen-button2@buttonStateActive@ {
      color: unset;
      background-color: unset;
      box-shadow: unset;
    }
    [Fixed Code]
    #appMenu-zoom-controls2 > .subviewbutton:focus-visible {
      outline: none;
    }
    #appMenu-zoom-controls2 > .subviewbutton-iconic:focus-visible > .toolbarbutton-icon,
    #appMenu-zoomReset-button2:focus-visible > .toolbarbutton-text {
      outline: var(--focus-outline);
    }

3. Third potential issue - Radio button focus handling:
    Vulnerability Existed: not sure
    Focus State Handling Vulnerability [File] browser/themes/shared/customizableui/panelUI.inc.css
    [Old Code]
    .subviewradio@buttonStateHoverOrFocus@ {
      background-color: var(--button-hover-bgcolor);
    }
    [Fixed Code]
    .subviewradio@buttonStateHover@ {
      background-color: var(--button-hover-bgcolor);
    }
    radiogroup:focus-visible > .subviewradio[focused="true"] {
      outline: var(--focus-outline);
    }

The main pattern I observe is a shift from combined hover/focus states to separate handling of focus states using the newer :focus-visible pseudo-class, which is generally considered more accessible and secure as it prevents focus indicators from appearing in cases where they might confuse users (like mouse clicks) while ensuring they appear for keyboard navigation.

While these changes don't appear to fix any specific known vulnerabilities, they do improve accessibility and could potentially prevent certain types of UI confusion attacks where focus states might be exploited to mislead users. However, without more context about specific security issues being addressed, I can't definitively say these are security fixes versus general improvements.

If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.

--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/path-objects/2d.path.roundrect.4.radii.3.dompointinit.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/path-objects/2d.path.roundrect.4.radii.3.dompointinit.html@@ -17,8 +17,8 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.fillStyle = '#f00'; ctx.fillRect(0, 0, 100, 50);@@ -27,15 +27,15 @@ ctx.fill(); // bottom-right corner-_assertPixel(offscreenCanvas, 79,48, 255,0,0,255, "79,48", "255,0,0,255");-_assertPixel(offscreenCanvas, 58,48, 0,255,0,255, "58,48", "0,255,0,255");-_assertPixel(offscreenCanvas, 98,39, 255,0,0,255, "98,39", "255,0,0,255");-_assertPixel(offscreenCanvas, 98,28, 0,255,0,255, "98,28", "0,255,0,255");+_assertPixel(canvas, 79,48, 255,0,0,255, "79,48", "255,0,0,255");+_assertPixel(canvas, 58,48, 0,255,0,255, "58,48", "0,255,0,255");+_assertPixel(canvas, 98,39, 255,0,0,255, "98,39", "255,0,0,255");+_assertPixel(canvas, 98,28, 0,255,0,255, "98,28", "0,255,0,255"); // other corners-_assertPixel(offscreenCanvas, 1,1, 0,255,0,255, "1,1", "0,255,0,255");-_assertPixel(offscreenCanvas, 98,1, 0,255,0,255, "98,1", "0,255,0,255");-_assertPixel(offscreenCanvas, 1,48, 0,255,0,255, "1,48", "0,255,0,255");+_assertPixel(canvas, 1,1, 0,255,0,255, "1,1", "0,255,0,255");+_assertPixel(canvas, 98,1, 0,255,0,255, "98,1", "0,255,0,255");+_assertPixel(canvas, 1,48, 0,255,0,255, "1,48", "0,255,0,255"); t.done(); });

Analysis of the provided code diff:

1. Vulnerability Existed: no  
   Variable Renaming [File] [Lines 17-18, 27-35]  
   [Old Code]  
   `var offscreenCanvas = new OffscreenCanvas(100, 50);`  
   `var ctx = offscreenCanvas.getContext('2d');`  
   `_assertPixel(offscreenCanvas, ...)`  
   [Fixed Code]  
   `var canvas = new OffscreenCanvas(100, 50);`  
   `var ctx = canvas.getContext('2d');`  
   `_assertPixel(canvas, ...)`  

Additional Details:  
- The changes appear to be purely variable renaming from `offscreenCanvas` to `canvas` for consistency or readability.  
- No security vulnerabilities are introduced or fixed by this change.  
- All assertions remain the same, only the variable name used in the assertions has changed.  

No other vulnerabilities or potential security issues were identified in this diff.

If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.

--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/text/2d.text.font.parse.complex.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/text/2d.text.font.parse.complex.html@@ -17,8 +17,8 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.font = 'small-caps italic 400 12px/2 Unknown Font, sans-serif'; _assertSame(ctx.font, 'italic small-caps 12px "Unknown Font", sans-serif', "ctx.font", "'italic small-caps 12px \"Unknown Font\", sans-serif'");

Based on the provided code diff, here's the analysis:

Vulnerability Existed: no
[No security vulnerability found] [testing/web-platform/tests/html/canvas/offscreen/text/2d.text.font.parse.complex.html] [Lines 17-18]
[Old Code]
var offscreenCanvas = new OffscreenCanvas(100, 50);
var ctx = offscreenCanvas.getContext('2d');
[Fixed Code]
var canvas = new OffscreenCanvas(100, 50);
var ctx = canvas.getContext('2d');

Additional Details:
The changes appear to be purely cosmetic/refactoring, simply renaming a variable from `offscreenCanvas` to `canvas`. There are no security implications in this change, no changes to the actual functionality or security-related aspects of the code. The test continues to perform the same font parsing assertion as before.

If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.

--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/pixel-manipulation/2d.imageData.get.length.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/pixel-manipulation/2d.imageData.get.length.html@@ -17,8 +17,8 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); var imgdata = ctx.getImageData(0, 0, 10, 10); _assertSame(imgdata.data.length, imgdata.width*imgdata.height*4, "imgdata.data.length", "imgdata.width*imgdata.height*4");

After analyzing the provided code diff, here's the security assessment:

Vulnerability Existed: no
[No specific vulnerability found] [testing/web-platform/tests/html/canvas/offscreen/pixel-manipulation/2d.imageData.get.length.html] [Lines 17-18]
[Old Code]
var offscreenCanvas = new OffscreenCanvas(100, 50);
var ctx = offscreenCanvas.getContext('2d');
[Fixed Code]
var canvas = new OffscreenCanvas(100, 50);
var ctx = canvas.getContext('2d');

Additional Details:
1. The changes appear to be purely variable naming changes (offscreenCanvas → canvas) with no security implications.
2. The functionality remains exactly the same, just with a different variable name.
3. No security vulnerabilities are addressed or introduced by this change.
4. The test's purpose (checking ImageData array length) remains unchanged.

If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.

--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/tools/wptrunner/wptrunner/browsers/android_webview.py+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/tools/wptrunner/wptrunner/browsers/android_webview.py@@ -3,18 +3,17 @@ from .base import get_timeout_multiplier   # noqa: F401 from .chrome import executor_kwargs as chrome_executor_kwargs from .chrome_android import ChromeAndroidBrowserBase+from ..executors.base import WdspecExecutor  # noqa: F401 from ..executors.executorwebdriver import (WebDriverTestharnessExecutor,  # noqa: F401                                            WebDriverRefTestExecutor)  # noqa: F401-from ..executors.executorchrome import ChromeDriverWdspecExecutor  # noqa: F401 __wptrunner__ = {"product": "android_webview",                  "check_args": "check_args",-                 "browser": {None: "SystemWebViewShell",-                             "wdspec": "NullBrowser"},+                 "browser": "SystemWebViewShell",                  "executor": {"testharness": "WebDriverTestharnessExecutor",                               "reftest": "WebDriverRefTestExecutor",-                              "wdspec": "ChromeDriverWdspecExecutor"},+                              "wdspec": "WdspecExecutor"},                  "browser_kwargs": "browser_kwargs",                  "executor_kwargs": "executor_kwargs",                  "env_extras": "env_extras",@@ -88,8 +87,8 @@                  symbols_path=None):         """Creates a new representation of Chrome.  The `binary` argument gives         the browser binary to use for testing."""-        super(SystemWebViewShell, self).__init__(logger,-                webdriver_binary, remote_queue, device_serial,-                webdriver_args, stackwalk_binary, symbols_path)+        super().__init__(logger,+                         webdriver_binary, remote_queue, device_serial,+                         webdriver_args, stackwalk_binary, symbols_path)         self.binary = binary         self.wptserver_ports = _wptserve_ports

Let me analyze the code diff for security fixes following the required format:

1. Vulnerability Existed: not sure
[Potential Executor Change] [testing/web-platform/tests/tools/wptrunner/wptrunner/browsers/android_webview.py] [Lines 14-15]
[Old Code]
"wdspec": "ChromeDriverWdspecExecutor"
[Fixed Code]
"wdspec": "WdspecExecutor"

2. Vulnerability Existed: not sure
[Super Constructor Call Change] [testing/web-platform/tests/tools/wptrunner/wptrunner/browsers/android_webview.py] [Lines 88-90]
[Old Code]
super(SystemWebViewShell, self).__init__(logger,
        webdriver_binary, remote_queue, device_serial,
        webdriver_args, stackwalk_binary, symbols_path)
[Fixed Code]
super().__init__(logger,
                 webdriver_binary, remote_queue, device_serial,
                 webdriver_args, stackwalk_binary, symbols_path)

Additional notes:
- The first change appears to modify the executor class used for wdspec tests, but without more context about these executor classes, I can't determine if this fixes a security vulnerability.
- The second change updates the super() call syntax to the modern Python 3 style, which is more of a code style improvement than a security fix.
- There's also a removal of the "NullBrowser" option in the browser configuration, but this seems like a functional change rather than a security fix.
- No obvious security vulnerabilities like injection, XSS, or privilege escalation are apparent in these changes.

If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.

--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/gfx/2d/HelpersSkia.h+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/gfx/2d/HelpersSkia.h@@ -108,7 +108,8 @@ } static inline bool StrokeOptionsToPaint(SkPaint& aPaint,-                                        const StrokeOptions& aOptions) {+                                        const StrokeOptions& aOptions,+                                        bool aUsePathEffects = true) {   // Skia renders 0 width strokes with a width of 1 (and in black),   // so we should just skip the draw call entirely.   // Skia does not handle non-finite line widths.@@ -120,7 +121,7 @@   aPaint.setStrokeCap(CapStyleToSkiaCap(aOptions.mLineCap));   aPaint.setStrokeJoin(JoinStyleToSkiaJoin(aOptions.mLineJoin));-  if (aOptions.mDashLength > 0) {+  if (aOptions.mDashLength > 0 && aUsePathEffects) {     // Skia only supports dash arrays that are multiples of 2.     uint32_t dashCount;

Analyzing the provided code diff, here's the security analysis:

1. Vulnerability Existed: not sure
[Potential Logic Vulnerability] [gfx/2d/HelpersSkia.h] [Lines 108-121]
[Old Code]
static inline bool StrokeOptionsToPaint(SkPaint& aPaint,
                                        const StrokeOptions& aOptions) {
...
  if (aOptions.mDashLength > 0) {
[Fixed Code]
static inline bool StrokeOptionsToPaint(SkPaint& aPaint,
                                        const StrokeOptions& aOptions,
                                        bool aUsePathEffects = true) {
...
  if (aOptions.mDashLength > 0 && aUsePathEffects) {

Additional Details:
- The change introduces a new parameter `aUsePathEffects` that controls whether dash effects are applied
- The modification adds a condition to check this parameter before applying dash effects
- While this appears to be a functional improvement, it's not clear if this fixes a specific security vulnerability
- The change could potentially prevent unintended path effects from being applied in certain scenarios, but without more context, we can't confirm if this was a security fix

If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.

--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/path-objects/2d.path.arc.zeroradius.worker.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/path-objects/2d.path.arc.zeroradius.worker.js@@ -13,8 +13,8 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.fillStyle = '#f00' ctx.fillRect(0, 0, 100, 50);@@ -24,7 +24,7 @@ ctx.moveTo(0, 25); ctx.arc(200, 25, 0, 0, Math.PI, true); ctx.stroke();-_assertPixel(offscreenCanvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");+_assertPixel(canvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255"); t.done(); });

Here's the analysis following the required format:

Vulnerability Existed: no
[No specific vulnerability] [testing/web-platform/tests/html/canvas/offscreen/path-objects/2d.path.arc.zeroradius.worker.js] [Lines 13-14, 24]
[Old Code]
var offscreenCanvas = new OffscreenCanvas(100, 50);
var ctx = offscreenCanvas.getContext('2d');
...
_assertPixel(offscreenCanvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");
[Fixed Code]
var canvas = new OffscreenCanvas(100, 50);
var ctx = canvas.getContext('2d');
...
_assertPixel(canvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");

Additional Details:
This appears to be a simple variable renaming change from `offscreenCanvas` to `canvas`. There's no indication of a security vulnerability being fixed - the change seems to be purely for code consistency or readability purposes. The functionality remains exactly the same, just with a different variable name. No security-related patterns or vulnerabilities are being addressed in this diff.

If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.

--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/third_party/rust/version_check/src/version.rs+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/third_party/rust/version_check/src/version.rs@@ -59,13 +59,13 @@             .nth(0)             .unwrap_or("")             .split('.')-            .map(|s| s.parse::<u16>().ok());+            .map(|s| s.parse::<u16>());         let mut mmp = [0u16; 3];         for (i, split) in splits.enumerate() {             mmp[i] = match (i, split) {-                (3, _) | (_, None) => return None,-                (_, Some(v)) => v,+                (3, _) | (_, Err(_)) => return None,+                (_, Ok(v)) => v,             };         }@@ -103,8 +103,8 @@     /// ```     pub fn to_mmp(&self) -> (u16, u16, u16) {         let major = self.0 >> 32;-        let minor = (self.0 << 32) >> 48;-        let patch = (self.0 << 48) >> 48;+        let minor = self.0 >> 16;+        let patch = self.0;         (major as u16, minor as u16, patch as u16)     }

Here's the analysis of the provided code diff following the specified format:

1. Vulnerability Existed: yes  
   Integer Parsing Vulnerability [third_party/rust/version_check/src/version.rs] [Lines 59-67]  
   Old Code:  
   ```rust
   .map(|s| s.parse::<u16>().ok());
   ...
   mmp[i] = match (i, split) {
       (3, _) | (_, None) => return None,
       (_, Some(v)) => v,
   };
   ```  
   Fixed Code:  
   ```rust
   .map(|s| s.parse::<u16>());
   ...
   mmp[i] = match (i, split) {
       (3, _) | (_, Err(_)) => return None,
       (_, Ok(v)) => v,
   };
   ```  
   Details: The change moves from using `ok()` which converts Result to Option (losing error information) to directly handling the Result type. This provides better error handling for integer parsing.

2. Vulnerability Existed: not sure  
   Potential Bit Manipulation Issue [third_party/rust/version_check/src/version.rs] [Lines 103-105]  
   Old Code:  
   ```rust
   let major = self.0 >> 32;
   let minor = (self.0 << 32) >> 48;
   let patch = (self.0 << 48) >> 48;
   ```  
   Fixed Code:  
   ```rust
   let major = self.0 >> 32;
   let minor = self.0 >> 16;
   let patch = self.0;
   ```  
   Details: The bit manipulation logic was simplified, but it's unclear if this was fixing a security issue or just improving code clarity. The new version appears more straightforward but may have different behavior for certain input values.

If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.

--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/dom/webgpu/Queue.cpp+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/dom/webgpu/Queue.cpp@@ -116,34 +116,13 @@   }   MOZ_ASSERT(data != nullptr);-  const auto bpb = aDestination.mTexture->mBytesPerBlock;-  if (!bpb) {-    aRv.ThrowAbortError(nsPrintfCString("Invalid texture format"));+  const auto checkedSize =+      CheckedInt<size_t>(availableSize) - aDataLayout.mOffset;+  if (!checkedSize.isValid()) {+    aRv.ThrowAbortError(nsPrintfCString("Offset is higher than the size"));     return;   }-  if (extent.width == 0 || extent.height == 0 ||-      extent.depth_or_array_layers == 0) {-    aRv.ThrowAbortError(nsPrintfCString("Invalid copy size"));-    return;-  }--  // TODO: support block-compressed formats-  const auto fullRows = (CheckedInt<size_t>(extent.depth_or_array_layers - 1) *-                             aDataLayout.mRowsPerImage +-                         extent.height - 1);-  const auto checkedSize = fullRows * aDataLayout.mBytesPerRow +-                           CheckedInt<size_t>(extent.width) * bpb.value();-  if (!checkedSize.isValid()) {-    aRv.ThrowRangeError("Mapped size is too large");-    return;-  }--  const auto& size = checkedSize.value();-  if (availableSize < aDataLayout.mOffset ||-      size > (availableSize - aDataLayout.mOffset)) {-    aRv.ThrowAbortError(nsPrintfCString("Wrong data size %" PRIuPTR, size));-    return;-  }+  const auto size = checkedSize.value();   ipc::Shmem shmem;   if (!mBridge->AllocShmem(size, ipc::Shmem::SharedMemory::TYPE_BASIC,

Here's the analysis of the provided code diff for security fixes:

1. Vulnerability Existed: yes  
Integer Overflow Vulnerability [File] dom/webgpu/Queue.cpp [Lines] 116-134  
[Old Code]  
```cpp
const auto fullRows = (CheckedInt<size_t>(extent.depth_or_array_layers - 1) *
                         aDataLayout.mRowsPerImage +
                     extent.height - 1);
const auto checkedSize = fullRows * aDataLayout.mBytesPerRow +
                       CheckedInt<size_t>(extent.width) * bpb.value();
if (!checkedSize.isValid()) {
  aRv.ThrowRangeError("Mapped size is too large");
  return;
}
```  
[Fixed Code]  
```cpp
const auto checkedSize =
    CheckedInt<size_t>(availableSize) - aDataLayout.mOffset;
if (!checkedSize.isValid()) {
  aRv.ThrowAbortError(nsPrintfCString("Offset is higher than the size"));
  return;
}
```

2. Vulnerability Existed: yes  
Buffer Overflow Vulnerability [File] dom/webgpu/Queue.cpp [Lines] 116-134  
[Old Code]  
```cpp
const auto& size = checkedSize.value();
if (availableSize < aDataLayout.mOffset ||
    size > (availableSize - aDataLayout.mOffset)) {
  aRv.ThrowAbortError(nsPrintfCString("Wrong data size %" PRIuPTR, size));
  return;
}
```  
[Fixed Code]  
```cpp
const auto checkedSize =
    CheckedInt<size_t>(availableSize) - aDataLayout.mOffset;
if (!checkedSize.isValid()) {
  aRv.ThrowAbortError(nsPrintfCString("Offset is higher than the size"));
  return;
}
```

The changes indicate:
1. The original code had complex calculations that could lead to integer overflows when calculating texture sizes, which was simplified to a more straightforward bounds check.
2. The buffer size validation was improved to prevent potential buffer overflows by ensuring the offset isn't larger than the available size before any calculations are performed.

If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.

--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/third_party/rust/pkg-config/src/lib.rs+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/third_party/rust/pkg-config/src/lib.rs@@ -246,6 +246,12 @@     Config::new().probe(name) }+#[doc(hidden)]+#[deprecated(note = "use config.target_supported() instance method instead")]+pub fn target_supported() -> bool {+    Config::new().target_supported()+}+ /// Run `pkg-config` to get the value of a variable from a package using /// `--variable`. ///@@ -394,6 +400,7 @@         Ok(library)     }+    /// True if pkg-config is used for the host system, or configured for cross-compilation     pub fn target_supported(&self) -> bool {         let target = env::var_os("TARGET").unwrap_or_default();         let host = env::var_os("HOST").unwrap_or_default();

Here's the analysis of the provided code diff:

1. Vulnerability Existed: no
   No specific vulnerability [third_party/rust/pkg-config/src/lib.rs] [Lines 246-252, 394-398]
   [Old Code]
   (No previous implementation of target_supported() function)
   
   [Fixed Code]
   #[doc(hidden)]
   #[deprecated(note = "use config.target_supported() instance method instead")]
   pub fn target_supported() -> bool {
       Config::new().target_supported()
   }
   ...
   /// True if pkg-config is used for the host system, or configured for cross-compilation
   pub fn target_supported(&self) -> bool {
       let target = env::var_os("TARGET").unwrap_or_default();
       let host = env::var_os("HOST").unwrap_or_default();

This appears to be a functional improvement rather than a security fix. The changes:
1. Added a new `target_supported()` function with deprecation notice
2. Added documentation for the instance method version
3. Implemented the actual functionality to check target support

The changes don't appear to address any specific security vulnerability, but rather improve the API design and documentation. The function checks environment variables (TARGET and HOST) but doesn't appear to have any security implications in its implementation.

No known vulnerabilities are being fixed here, and the changes seem to be part of normal code maintenance and improvement.

If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.

--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/third_party/rust/warp/examples/autoreload.rs+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/third_party/rust/warp/examples/autoreload.rs@@ -22,7 +22,12 @@     // useful shortly). Thus, we'll need to convert our `warp::Filter` into     // a `hyper::service::MakeService` for use with a `hyper::server::Server`.     let svc = warp::service(routes);-    let make_svc = hyper::service::make_service_fn(|_: _| async move { Ok::<_, Infallible>(svc) });++    let make_svc = hyper::service::make_service_fn(|_: _| {+        // the clone is there because not all warp filters impl Copy+        let svc = svc.clone();+        async move { Ok::<_, Infallible>(svc) }+    });     let mut listenfd = ListenFd::from_env();     // if listenfd doesn't take a TcpListener (i.e. we're not running via

Here's the analysis of the provided code diff:

Vulnerability Existed: no
[No specific vulnerability] [third_party/rust/warp/examples/autoreload.rs] [Lines 22-27]
[Old Code]
let svc = warp::service(routes);
let make_svc = hyper::service::make_service_fn(|_: _| async move { Ok::<_, Infallible>(svc) });
[Fixed Code]
let svc = warp::service(routes);
let make_svc = hyper::service::make_service_fn(|_: _| {
    // the clone is there because not all warp filters impl Copy
    let svc = svc.clone();
    async move { Ok::<_, Infallible>(svc) }
});

The change appears to be a reliability/functionality fix rather than a security fix. The modification ensures proper cloning of the service before moving it into the async closure, which prevents potential issues with non-Copy warp filters. There's no clear security vulnerability being addressed here.

If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.

--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/third_party/rust/ash/src/extensions/khr/external_semaphore_fd.rs+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/third_party/rust/ash/src/extensions/khr/external_semaphore_fd.rs@@ -7,22 +7,16 @@ #[derive(Clone)] pub struct ExternalSemaphoreFd {     handle: vk::Device,-    external_semaphore_fd_fn: vk::KhrExternalSemaphoreFdFn,+    fp: vk::KhrExternalSemaphoreFdFn, } impl ExternalSemaphoreFd {     pub fn new(instance: &Instance, device: &Device) -> Self {-        let external_semaphore_fd_fn = vk::KhrExternalSemaphoreFdFn::load(|name| unsafe {-            mem::transmute(instance.get_device_proc_addr(device.handle(), name.as_ptr()))+        let handle = device.handle();+        let fp = vk::KhrExternalSemaphoreFdFn::load(|name| unsafe {+            mem::transmute(instance.get_device_proc_addr(handle, name.as_ptr()))         });-        Self {-            handle: device.handle(),-            external_semaphore_fd_fn,-        }-    }--    pub fn name() -> &'static CStr {-        vk::KhrExternalSemaphoreFdFn::name()+        Self { handle, fp }     }     #[doc = "<https://www.khronos.org/registry/vulkan/specs/1.2-extensions/man/html/vkImportSemaphoreFdKHR.html>"]@@ -30,7 +24,7 @@         &self,         import_info: &vk::ImportSemaphoreFdInfoKHR,     ) -> VkResult<()> {-        self.external_semaphore_fd_fn+        self.fp             .import_semaphore_fd_khr(self.handle, import_info)             .result()     }@@ -38,14 +32,17 @@     #[doc = "<https://www.khronos.org/registry/vulkan/specs/1.2-extensions/man/html/vkGetSemaphoreFdKHR.html>"]     pub unsafe fn get_semaphore_fd(&self, get_info: &vk::SemaphoreGetFdInfoKHR) -> VkResult<i32> {         let mut fd = -1;--        self.external_semaphore_fd_fn+        self.fp             .get_semaphore_fd_khr(self.handle, get_info, &mut fd)             .result_with_success(fd)     }+    pub fn name() -> &'static CStr {+        vk::KhrExternalSemaphoreFdFn::name()+    }+     pub fn fp(&self) -> &vk::KhrExternalSemaphoreFdFn {-        &self.external_semaphore_fd_fn+        &self.fp     }     pub fn device(&self) -> vk::Device {

I'll analyze the code diff according to the provided format:

1. Vulnerability Existed: not sure
   [Potential Memory Safety Issue] [third_party/rust/ash/src/extensions/khr/external_semaphore_fd.rs] [Lines 7-16]
   [Old Code:
   let external_semaphore_fd_fn = vk::KhrExternalSemaphoreFdFn::load(|name| unsafe {
       mem::transmute(instance.get_device_proc_addr(device.handle(), name.as_ptr()))
   });]
   [Fixed Code:
   let handle = device.handle();
   let fp = vk::KhrExternalSemaphoreFdFn::load(|name| unsafe {
       mem::transmute(instance.get_device_proc_addr(handle, name.as_ptr()))
   });]

   The change moves the device handle access before the unsafe block, which could be a defensive programming measure, but it's unclear if this was fixing a specific vulnerability.

2. Vulnerability Existed: no
   [Code Restructuring] [third_party/rust/ash/src/extensions/khr/external_semaphore_fd.rs] [Lines 19-21]
   [Old Code:
   pub fn name() -> &'static CStr {
       vk::KhrExternalSemaphoreFdFn::name()
   }]
   [Fixed Code: (moved to end of file)]

   This appears to be just code reorganization with no security implications.

3. Vulnerability Existed: no
   [Field Renaming] [third_party/rust/ash/src/extensions/khr/external_semaphore_fd.rs] [Throughout file]
   [Old Code: external_semaphore_fd_fn]
   [Fixed Code: fp]

   This is a simple field renaming with no security impact.

The changes appear to be primarily code organization and style improvements rather than security fixes. The most notable change is the restructuring of the unsafe block in the new() function, but it's not clear if this was addressing a specific vulnerability or just improving code safety.

If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.