Shared security patch analysis results
AI Used: DEEPSEEK deepseek-chat--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/devtools/shared/commands/target/legacy-target-watchers/legacy-workers-watcher.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/devtools/shared/commands/target/legacy-target-watchers/legacy-workers-watcher.js@@ -4,9 +4,7 @@ "use strict";-const {- LegacyProcessesWatcher,-} = require("devtools/shared/commands/target/legacy-target-watchers/legacy-processes-watcher");+const LegacyProcessesWatcher = require("devtools/shared/commands/target/legacy-target-watchers/legacy-processes-watcher"); class LegacyWorkersWatcher { constructor(targetCommand, onTargetAvailable, onTargetDestroyed) {@@ -237,4 +235,4 @@ } }-module.exports = { LegacyWorkersWatcher };+module.exports = LegacyWorkersWatcher;
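Review bot: The last hunk changes `module.exports` from `{ LegacyWorkersWatcher }` to the bare class, so any caller that still destructures `{ LegacyWorkersWatcher }` from this module will receive `undefined`. No caller updates are visible in this diff, so confirm every consumer is switched in the same change. The first hunk makes the matching assumption about `legacy-processes-watcher`, whose own export is not shown here either.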
Here's the analysis of the provided code diff:

Vulnerability Existed: no
[No specific vulnerability] [devtools/shared/commands/target/legacy-target-watchers/legacy-workers-watcher.js] [Lines 4-9, 237]
[Old Code]
const {
  LegacyProcessesWatcher,
} = require("devtools/shared/commands/target/legacy-target-watchers/legacy-processes-watcher");
...
module.exports = { LegacyWorkersWatcher };
[Fixed Code]
const LegacyProcessesWatcher = require("devtools/shared/commands/target/legacy-target-watchers/legacy-processes-watcher");
...
module.exports = LegacyWorkersWatcher;

Additional Details:
The changes appear to be purely stylistic/structural improvements rather than security fixes:
1. Changed from destructuring import to direct import
2. Changed from exporting as an object to direct export

No security vulnerabilities are apparent in this change, and the modifications don't relate to any known vulnerability patterns.
If an attacker could control the contents of an iframe sandboxed with `allow-popups` but not `allow-scripts`, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/the-offscreen-canvas/size.attributes.parse.plus.worker.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/the-offscreen-canvas/size.attributes.parse.plus.worker.js@@ -13,13 +13,13 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d');-offscreenCanvas.width = '+100';-offscreenCanvas.height = '+100';-_assertSame(offscreenCanvas.width, 100, "offscreenCanvas.width", "100");-_assertSame(offscreenCanvas.height, 100, "offscreenCanvas.height", "100");+canvas.width = '+100';+canvas.height = '+100';+_assertSame(canvas.width, 100, "canvas.width", "100");+_assertSame(canvas.height, 100, "canvas.height", "100"); t.done(); });
Based on the provided diff, I don't see any security vulnerabilities being fixed. The changes appear to be purely variable name refactoring and don't involve any security-related modifications. Here's the analysis:

Vulnerability Existed: no
No security vulnerability found [testing/web-platform/tests/html/canvas/offscreen/the-offscreen-canvas/size.attributes.parse.plus.worker.js] [Lines 13-21]
[Old Code]
var offscreenCanvas = new OffscreenCanvas(100, 50);
var ctx = offscreenCanvas.getContext('2d');
offscreenCanvas.width = '+100';
offscreenCanvas.height = '+100';
_assertSame(offscreenCanvas.width, 100, "offscreenCanvas.width", "100");
_assertSame(offscreenCanvas.height, 100, "offscreenCanvas.height", "100");
[Fixed Code]
var canvas = new OffscreenCanvas(100, 50);
var ctx = canvas.getContext('2d');
canvas.width = '+100';
canvas.height = '+100';
_assertSame(canvas.width, 100, "canvas.width", "100");
_assertSame(canvas.height, 100, "canvas.height", "100");

The changes simply rename the variable from `offscreenCanvas` to `canvas` and update the corresponding assertions. There's no change in functionality or security implications.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/css/css-values/calc-min-height.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/css/css-values/calc-min-height.html@@ -21,7 +21,6 @@ <link rel="help" href="https://www.w3.org/TR/css-values-3/#calc-notation"> <link rel="match" href="../reference/ref-filled-green-100px-square.xht">- <meta name="flags" content=""> <meta name="assert" content="This test checks how 'min-height' with calc(percentage) and 'box-sizing' are handled. The percentage in the calc() is calculated on the content box height of div#container."> <style>
Analyzing the provided code diff for security fixes:

1. Vulnerability Existed: no
   No specific vulnerability found
   [File] testing/web-platform/tests/css/css-values/calc-min-height.html
   [Lines] 21
   [Old Code] `<meta name="flags" content="">`
   [Fixed Code] (line removed)

Additional Details:
- The change simply removes an empty meta tag for "flags" which appears to be a test configuration cleanup rather than a security fix
- No security vulnerability is apparent in this change
- The modification seems related to test metadata rather than security functionality

Note: Since this is a test file modification, security vulnerabilities are less likely to be present compared to production code changes. The change appears to be a benign cleanup of test metadata.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/css/css-pseudo/cascade-highlight-001.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/css/css-pseudo/cascade-highlight-001.html@@ -13,7 +13,6 @@ https://www.w3.org/TR/css-pseudo-4/#example-c35bf49a -->- <meta content="" name="flags"> <meta name="assert" content="This test is an adaptation (or modified version) of Example 11 (#example-c35bf49a). The 'div > span::selection' selector has an higher specificity than the 'span::selection' selector."> <link rel="stylesheet" href="support/highlights.css">
Analysis of the provided code diff:

1. Vulnerability Existed: not sure
   [Potential Information Disclosure] [testing/web-platform/tests/css/css-pseudo/cascade-highlight-001.html] [Line 13]
   [Old Code] `<meta content="" name="flags">`
   [Fixed Code] `[removed]`

Additional Details:
- The removed line appears to be a meta tag for test flags, but it was empty (`content=""`).
- While not clearly a security vulnerability, removing unused or empty meta tags could be considered a security hygiene improvement as it reduces potential attack surface.
- Without more context about what the "flags" meta tag was intended for, we can't definitively say this was a security fix, but it's worth noting the removal.
- No specific vulnerability name clearly applies here, but removing unused code is generally good practice.

Note: This appears to be a test file modification rather than a production code change, which typically has lower security implications. The change seems more related to test cleanup than addressing a specific vulnerability.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/js/src/builtin/TestingUtility.cpp+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/js/src/builtin/TestingUtility.cpp@@ -99,8 +99,50 @@ if (!JS_GetProperty(cx, opts, "forceFullParse", &v)) { return false; }+ bool forceFullParseIsSet = !v.isUndefined(); if (v.isBoolean() && v.toBoolean()) { options.setForceFullParse();+ }++ if (!JS_GetProperty(cx, opts, "eagerDelazificationStrategy", &v)) {+ return false;+ }+ if (forceFullParseIsSet && !v.isUndefined()) {+ JS_ReportErrorASCII(+ cx, "forceFullParse and eagerDelazificationStrategy are both set.");+ return false;+ }+ if (v.isString()) {+ s = JS::ToString(cx, v);+ if (!s) {+ return false;+ }++ JSLinearString* str = JS_EnsureLinearString(cx, s);+ if (!str) {+ return false;+ }++ bool found = false;+ JS::DelazificationOption strategy = JS::DelazificationOption::OnDemandOnly;++#define MATCH_AND_SET_STRATEGY_(NAME) \+ if (!found && JS_LinearStringEqualsLiteral(str, #NAME)) { \+ strategy = JS::DelazificationOption::NAME; \+ found = true; \+ }++ FOREACH_DELAZIFICATION_STRATEGY(MATCH_AND_SET_STRATEGY_);+#undef MATCH_AND_SET_STRATEGY_+#undef FOR_STRATEGY_NAMES++ if (!found) {+ JS_ReportErrorASCII(cx,+ "eagerDelazificationStrategy does not match any "+ "DelazificationOption.");+ return false;+ }+ options.setEagerDelazificationStrategy(strategy); } return true;
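Review bot: `#undef FOR_STRATEGY_NAMES` near the end of the added block undefines a macro that this hunk never defines or uses (the iteration macro is `FOREACH_DELAZIFICATION_STRATEGY`), so it reads as a leftover and should be dropped. Two behaviours of the new option handling also deserve a comment or a test: a value for `eagerDelazificationStrategy` that is neither undefined nor a string skips the `v.isString()` branch and is silently ignored, and `forceFullParse: false` combined with a strategy is rejected because `forceFullParseIsSet` only tests `!v.isUndefined()`. Consider reporting an error for the non-string case and stating the second rule in the error message or the function's documentation.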
Here's the analysis of the provided code diff:

1. Vulnerability Existed: not sure
   [Potential Input Validation Issue] [js/src/builtin/TestingUtility.cpp] [Lines 99-143]
   [Old Code]
   ```cpp
   if (!JS_GetProperty(cx, opts, "forceFullParse", &v)) {
     return false;
   }
   if (v.isBoolean() && v.toBoolean()) {
     options.setForceFullParse();
   }
   ```
   [Fixed Code]
   ```cpp
   if (!JS_GetProperty(cx, opts, "forceFullParse", &v)) {
     return false;
   }
   bool forceFullParseIsSet = !v.isUndefined();
   if (v.isBoolean() && v.toBoolean()) {
     options.setForceFullParse();
   }

   if (!JS_GetProperty(cx, opts, "eagerDelazificationStrategy", &v)) {
     return false;
   }
   if (forceFullParseIsSet && !v.isUndefined()) {
     JS_ReportErrorASCII(
         cx, "forceFullParse and eagerDelazificationStrategy are both set.");
     return false;
   }
   // ... (additional validation code)
   ```
   Additional Details: The fix adds validation to prevent both "forceFullParse" and "eagerDelazificationStrategy" from being set simultaneously, which could potentially lead to undefined behavior. However, it's unclear if this was an actual security vulnerability or just a logical error prevention.

2. Vulnerability Existed: not sure
   [Potential Unvalidated String Input] [js/src/builtin/TestingUtility.cpp] [Lines 99-143]
   [Old Code]
   ```cpp
   // No validation for eagerDelazificationStrategy string input
   ```
   [Fixed Code]
   ```cpp
   if (v.isString()) {
     s = JS::ToString(cx, v);
     if (!s) {
       return false;
     }

     JSLinearString* str = JS_EnsureLinearString(cx, s);
     if (!str) {
       return false;
     }

     bool found = false;
     JS::DelazificationOption strategy = JS::DelazificationOption::OnDemandOnly;

   #define MATCH_AND_SET_STRATEGY_(NAME)                      \
     if (!found && JS_LinearStringEqualsLiteral(str, #NAME)) { \
       strategy = JS::DelazificationOption::NAME;              \
       found = true;                                           \
     }

     FOREACH_DELAZIFICATION_STRATEGY(MATCH_AND_SET_STRATEGY_);
   #undef MATCH_AND_SET_STRATEGY_
   #undef FOR_STRATEGY_NAMES

     if (!found) {
       JS_ReportErrorASCII(cx,
                           "eagerDelazificationStrategy does not match any "
                           "DelazificationOption.");
       return false;
     }
     options.setEagerDelazificationStrategy(strategy);
   }
   ```
   Additional Details: The fix adds proper validation for the "eagerDelazificationStrategy" string input, ensuring it matches one of the predefined strategies. While this prevents invalid inputs, it's unclear if this could have been exploited maliciously before the fix.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/css/css-backgrounds/background-size-041.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/css/css-backgrounds/background-size-041.html@@ -27,7 +27,6 @@ <link rel="match" href="reference/background-size-041-ref.html">- <meta content="" name="flags"> <meta content="This test checks that when one 'background-size' is 'auto' and the image has no intrinsic size and no intrinsic ratio, then it should use 100%. In this test, the 'auto' value should use 100% of the height of the background positioning area of the div, which is 400px." name="assert"> <style>
Analysis of the provided code diff:

1. Vulnerability Existed: no
   No specific vulnerability found [File] [Lines 27]
   Old Code: `<meta content="" name="flags">`
   Fixed Code: (line removed)

Additional Details:
- The diff shows only the removal of a meta tag with an empty "flags" attribute
- This appears to be test configuration cleanup rather than a security fix
- No known vulnerabilities are associated with this change
- The change is likely related to test maintenance rather than security

Note: Since this is a test file (background-size-041.html) and the change is minimal (removing an unused meta tag), there doesn't appear to be any security implications in this modification. The change seems focused on cleaning up test configuration rather than addressing any security vulnerabilities.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/gfx/wgpu_bindings/src/server.rs+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/gfx/wgpu_bindings/src/server.rs@@ -618,7 +618,7 @@ gfx_select!(self_id => global.queue_write_buffer(self_id, dst, offset, data)) } QueueWriteAction::Texture { dst, layout, size } => {- gfx_select!(self_id => global.queue_write_texture(self_id, &dst, &data, &layout, &size))+ gfx_select!(self_id => global.queue_write_texture(self_id, &dst, data, &layout, &size)) } }; if let Err(err) = result {
Let me analyze the code diff for potential security fixes.

Vulnerability Existed: not sure
Potential Reference Handling Issue [File] gfx/wgpu_bindings/src/server.rs [Lines 618-622]
[Old Code]
gfx_select!(self_id => global.queue_write_texture(self_id, &dst, &data, &layout, &size))
[Fixed Code]
gfx_select!(self_id => global.queue_write_texture(self_id, &dst, data, &layout, &size))

Additional Details: The change removes a reference operator (&) from the 'data' parameter being passed to queue_write_texture. While this could potentially relate to memory safety or reference handling, without more context about the function's implementation and requirements, I can't definitively identify a specific vulnerability. The change might be related to:
1. Preventing potential double-referencing issues
2. Aligning with function parameter expectations
3. Memory safety improvements

But without seeing the function signature or more context, this remains uncertain.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/line-styles/2d.line.miter.acute.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/line-styles/2d.line.miter.acute.html@@ -17,8 +17,8 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.fillStyle = '#f00'; ctx.fillRect(0, 0, 100, 50);@@ -38,10 +38,10 @@ ctx.lineTo(100, 100); ctx.lineTo(1000, 1000); ctx.stroke();-_assertPixel(offscreenCanvas, 1,1, 0,255,0,255, "1,1", "0,255,0,255");-_assertPixel(offscreenCanvas, 48,1, 0,255,0,255, "48,1", "0,255,0,255");-_assertPixel(offscreenCanvas, 48,48, 0,255,0,255, "48,48", "0,255,0,255");-_assertPixel(offscreenCanvas, 1,48, 0,255,0,255, "1,48", "0,255,0,255");+_assertPixel(canvas, 1,1, 0,255,0,255, "1,1", "0,255,0,255");+_assertPixel(canvas, 48,1, 0,255,0,255, "48,1", "0,255,0,255");+_assertPixel(canvas, 48,48, 0,255,0,255, "48,48", "0,255,0,255");+_assertPixel(canvas, 1,48, 0,255,0,255, "1,48", "0,255,0,255"); t.done(); });
After analyzing the provided code diff, I don't find any security vulnerabilities. The changes appear to be purely variable renaming (from `offscreenCanvas` to `canvas`) and corresponding updates to function calls using this variable. Here's the structured response:

Vulnerability Existed: no
No security vulnerability found [testing/web-platform/tests/html/canvas/offscreen/line-styles/2d.line.miter.acute.html] [Lines 17-38]
[Old Code: var offscreenCanvas = new OffscreenCanvas(100, 50); and related usages]
[Fixed Code: var canvas = new OffscreenCanvas(100, 50); and related usages]

The changes are purely cosmetic/refactoring in nature and don't affect security. The functionality remains identical, just with a different variable name.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/third_party/python/attrs/attr/converters.py+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/third_party/python/attrs/attr/converters.py@@ -32,14 +32,14 @@ result of *factory*. :param default: Value to be used if ``None`` is passed. Passing an instance- of :class:`attr.Factory` is supported, however the ``takes_self`` option+ of `attr.Factory` is supported, however the ``takes_self`` option is *not*. :param callable factory: A callable that takes not parameters whose result is used if ``None`` is passed. :raises TypeError: If **neither** *default* or *factory* is passed. :raises TypeError: If **both** *default* and *factory* are passed.- :raises ValueError: If an instance of :class:`attr.Factory` is passed with+ :raises ValueError: If an instance of `attr.Factory` is passed with ``takes_self=True``. .. versionadded:: 18.2.0
After analyzing the provided code diff, I don't find any security vulnerabilities being fixed. The changes appear to be documentation improvements rather than security fixes. Here's the analysis:

Vulnerability Existed: no
Documentation Improvement [third_party/python/attrs/attr/converters.py] [Lines 32-41]
[Old Code]
- of :class:`attr.Factory` is supported, however the ``takes_self`` option
[...]
- :raises ValueError: If an instance of :class:`attr.Factory` is passed with
[Fixed Code]
+ of `attr.Factory` is supported, however the ``takes_self`` option
[...]
+ :raises ValueError: If an instance of `attr.Factory` is passed with

The changes are purely stylistic, converting RST-style `:class:` markup to simple backticks for documentation formatting. There are no functional changes to the code that would indicate a security fix. The behavior and error conditions remain exactly the same, only the documentation formatting has been updated.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/taskcluster/gecko_taskgraph/transforms/test/other.py+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/taskcluster/gecko_taskgraph/transforms/test/other.py@@ -341,29 +341,29 @@ "linux64-chromedriver-87", ], "linux.*": [- "linux64-chromedriver-94", "linux64-chromedriver-95", "linux64-chromedriver-96",+ "linux64-chromedriver-97", ], "macosx.*": [- "mac64-chromedriver-94", "mac64-chromedriver-95", "mac64-chromedriver-96",+ "mac64-chromedriver-97", ], "windows.*aarch64.*": [- "win32-chromedriver-94", "win32-chromedriver-95", "win32-chromedriver-96",+ "win32-chromedriver-97", ], "windows.*-32.*": [- "win32-chromedriver-94", "win32-chromedriver-95", "win32-chromedriver-96",+ "win32-chromedriver-97", ], "windows.*-64.*": [- "win32-chromedriver-94", "win32-chromedriver-95", "win32-chromedriver-96",+ "win32-chromedriver-97", ], }@@ -766,6 +766,7 @@ "ccov", "clang-trunk", "devedition",+ "domstreams", "lite", "mingwclang", "shippable",@@ -1053,8 +1054,5 @@ schedules.add(category) schedules.add(platform_family(task["build-platform"]))- if task["webrender"]:- schedules.add("webrender")- task["schedules-component"] = sorted(schedules) yield task
Analyzing the provided code diff, I don't see any clear security vulnerabilities being fixed. The changes appear to be routine updates and additions rather than security patches. Here's the analysis:

1. Vulnerability Existed: no
   ChromeDriver Version Updates [taskcluster/gecko_taskgraph/transforms/test/other.py] [Lines 341-366]
   [Old Code]
   "linux.*": [
       "linux64-chromedriver-94",
       "linux64-chromedriver-95",
       "linux64-chromedriver-96",
   ],
   [Fixed Code]
   "linux.*": [
       "linux64-chromedriver-95",
       "linux64-chromedriver-96",
       "linux64-chromedriver-97",
   ]
   Additional Details: This appears to be a routine update of ChromeDriver versions, removing version 94 and adding version 97.

2. Vulnerability Existed: no
   New Test Suite Addition [taskcluster/gecko_taskgraph/transforms/test/other.py] [Lines 766-774]
   [Old Code]
   "ccov",
   "clang-trunk",
   "devedition",
   "lite",
   "mingwclang",
   "shippable",
   [Fixed Code]
   "ccov",
   "clang-trunk",
   "devedition",
   "domstreams",
   "lite",
   "mingwclang",
   "shippable",
   Additional Details: This adds a new test suite "domstreams" to the list, which doesn't appear to be security-related.

3. Vulnerability Existed: no
   Schedule Component Removal [taskcluster/gecko_taskgraph/transforms/test/other.py] [Lines 1053-1056]
   [Old Code]
   if task["webrender"]:
       schedules.add("webrender")
   [Fixed Code]
   (removed)
   Additional Details: This removes the conditional addition of "webrender" to schedules, which appears to be a feature change rather than a security fix.

No security vulnerabilities were identified in this diff. The changes appear to be routine maintenance and feature updates.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/gfx/thebes/gfxFcPlatformFontList.cpp+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/gfx/thebes/gfxFcPlatformFontList.cpp@@ -545,8 +545,8 @@ case FontSizeAdjust::Tag::IcHeight: { bool vertical = FontSizeAdjust::Tag(aSizeAdjustBasis) == FontSizeAdjust::Tag::IcHeight;- gfxFloat advance = font->GetCharAdvance(gfxFont::kWaterIdeograph,- vertical);+ gfxFloat advance =+ font->GetCharAdvance(gfxFont::kWaterIdeograph, vertical); return advance > 0 ? advance / metrics.emHeight : 1.0; } default:
Analyzing the provided code diff for security fixes:

1. Vulnerability Existed: not sure
   [Potential Code Style/Formatting Issue] [gfx/thebes/gfxFcPlatformFontList.cpp] [Lines 545-548]
   [Old Code]
   ```cpp
   gfxFloat advance = font->GetCharAdvance(gfxFont::kWaterIdeograph,
                                           vertical);
   ```
   [Fixed Code]
   ```cpp
   gfxFloat advance =
       font->GetCharAdvance(gfxFont::kWaterIdeograph, vertical);
   ```
   Additional Details: The change appears to be purely stylistic/formatting-related, splitting the line more cleanly. There's no obvious security vulnerability being fixed here, just code style improvement. The functionality remains exactly the same. No known vulnerability name applies to this change.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/third_party/rust/thiserror/.cargo-checksum.json+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/third_party/rust/thiserror/.cargo-checksum.json@@ -1 +1 @@
eld-attr.stderr":"78f576d5ec66464a77f1cdf0f5bb7dcdf18f7f04f1165983a6239ec59d908ea3","tests/ui/concat-display.rs":"3995bd6b3bdd67df7bb16499775d89600c0dd20895633fe807396a64c117078d","tests/ui/concat-display.stderr":"f8ee9f2003def1b60b482e0fe01a61a2b77fd82508454a843dc6df60b8c92051","tests/ui/duplicate-enum-source.rs":"bfe28ce18042d446a76c7411aa233598211ce1157fdd3cb87bff3b3fa7c33131","tests/ui/duplicate-enum-source.stderr":"3d32fead420b27b4497be49080bc3b78f7f0ba339ead3de6c94e5dc20302c18f","tests/ui/duplicate-fmt.rs":"af53b66445bcce076a114376747f176b42c060a156563a41ccb638ae14c451fd","tests/ui/duplicate-fmt.stderr":"998bb121ce6f1595fd99529a7a1b06451b6bf476924337dce5524a83a7a5f1a1","tests/ui/duplicate-struct-source.rs":"f3d5f8e3d6fccfcdbb630db291353709583a920c6bf46f9f9de9966b67ea4c0f","tests/ui/duplicate-struct-source.stderr":"fb761d76668ac42357cf37b03c0abdbae5de0a828034990850291c9cb6ab766d","tests/ui/duplicate-transparent.rs":"41a9447e85f1a47027023442acde55c3d8610ec46d91b39bd43a42d7a004d747","tests/ui/duplicate-transparent.stderr":"4975abad43e973df158f18098d9bcb9dc39f8e75d3e733ed5d6620d1ee065c11","tests/ui/from-not-source.rs":"744a55aeffe11066830159ac023c33aaa5576e313b341fa24440ee13dfe3ac98","tests/ui/from-not-source.stderr":"525038e8b841707b927434cca4549168f73bd305faca17552a0d1fffa542ccc4","tests/ui/lifetime.rs":"e72e0391695e47fcd07edbf3819f114e468e2097086ec687781c7c8d6b4b7da7","tests/ui/lifetime.stderr":"d889a23f71324afe95dafc5f9d15337fbdbc9977cb8924f0cafe3a3becf4ced7","tests/ui/missing-fmt.rs":"bc9e2830e54c2474ff6c27a766ed3dee88d29e40f93f30e8d64d63233866c17d","tests/ui/missing-fmt.stderr":"9a20ccee9b660fe31a5b3199307b48580bb8305cb9ce33d97d3fc767a0cfc614","tests/ui/no-display.rs":"962245372272d23e9833311c15e73221b3c7da822a2ff90189613af56ffb5c2e","tests/ui/no-display.stderr":"d1d9e24b4689cd09e784ab9b62721f77a6fa5f4372ba45300997d2569ff7aa9a","tests/ui/source-enum-not-error.rs":"7c57c63b3ec37bc456738acea2e1038de5b0f32fe7e83984037d7ad1ed921737","tests/ui/source-enum-not-err
or.stderr":"897d610f1114bd108fa607f038f93438d57a1cc711db26ccb4e20ef31248386a","tests/ui/source-struct-not-error.rs":"09fb7713637242dca9192585a6daeb8d732dc1c1d0fa522b74f1c98618e6d949","tests/ui/source-struct-not-error.stderr":"a310d33021a1a1ed0a61090e7d60236a3c4da478a14ae7635c124779348ce831","tests/ui/transparent-display.rs":"b3c59583eb64b0b5a246444456d03cf52d51bcdc08885023600dbb44fd87e5f2","tests/ui/transparent-display.stderr":"16d538914e0d92026bde4b4bec75660217da9ecc6b621d12d2eb81d33ed1d1da","tests/ui/transparent-enum-many.rs":"2a40a764fb4683bff57973eec61507a6c00f7d4d7a32da6e7bd0190c2e445434","tests/ui/transparent-enum-many.stderr":"f1d78c1d6d8edbef153420db4fb9ca3dc6076fa043b5b1bc0cd291daa417a3ea","tests/ui/transparent-enum-source.rs":"18f606a98ac0a53f08dc56f5f923b9cbe75d25ed34479c777b48dac305d5968c","tests/ui/transparent-enum-source.stderr":"1b2e0ac53951034575d43ec0396c4e2b3cfb272db2aef8d6baa13a7e1632cc84","tests/ui/transparent-struct-many.rs":"72c6b6c1a44c203d3bc68989b2f1ec092531ef75b745432824c3776c290326f6","tests/ui/transparent-struct-many.stderr":"7bd0536dbb54a0ce7d4a8e66ca7624a1b132d8a1d1e4fecca642ec77494ac01c","tests/ui/transparent-struct-source.rs":"863fa691ed7d27e8767da58d9ee11fd40d6642274b36338ca1074c07964ea2b3","tests/ui/transparent-struct-source.stderr":"267dab65929e67d32347fb467a00b43af931f8205d727d7671938580217fc70e","tests/ui/unexpected-field-fmt.rs":"29fba7b4d81c642ec8e47cfe053aa515acf9080a86d65e685363a48993becfe3","tests/ui/unexpected-field-fmt.stderr":"20731c4a08af04bed3ff513903adadd690b6bc532b15604557e7f25575a8338f","tests/ui/unexpected-struct-source.rs":"c6cbe882d622635c216feb8290b1bd536ce0ec4feee16bc087667a21b3641d5c","tests/ui/unexpected-struct-source.stderr":"7c8227513478f6cc09e8a28be337c8a0e758a06ca5978d774c91bd43c4a54043","tests/ui/union.rs":"331adff27cebd8b95b03b6742cc8247331fda1f961e1590ed39c8d39f50cf1d8","tests/ui/union.stderr":"5f67ad29753d6fb14bc03aef7d4a1f660ee7796e469c037efbf8b13456934ad3"},"package":"854babe52e4df1653706b98fcfc05843
010039b406875930a70e4d9644e5c417"}=========testing/web-platform/tests/dom/traversal/TreeWalker-acceptNode-filter-cross-realm.html========--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/dom/traversal/TreeWalker-acceptNode-filter-cross-realm.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/dom/traversal/TreeWalker-acceptNode-filter-cross-realm.html@@ -1,21 +1,60 @@ <!DOCTYPE html>-<title>TreeWalker: cross-realm NodeFilter throws TypeError of current realm</title>+<meta charset="utf-8">+<title>TreeWalker: cross-realm NodeFilter throws TypeError of its associated Realm</title>+<link rel="help" href="https://webidl.spec.whatwg.org/#ref-for-prepare-to-run-script"> <script src="/resources/testharness.js"></script> <script src="/resources/testharnessreport.js"></script>-<link rel="help" href="https://webidl.spec.whatwg.org/#call-a-user-objects-operation">-<body id="treeWalkerRoot">-<div></div>+<iframe name="nodeFilterGlobalObject" src="support/empty-document.html"></iframe>++<div id="treeWalkerRoot">+ <div class="firstChild"></div>+</div> <script>-const iframe = document.createElement("iframe");-iframe.src = "support/TreeWalker-acceptNode-filter-cross-realm-subframe.html";-iframe.onload = () => {- for (const testCase of iframe.contentWindow.testCases) {- test(t => {- assert_equals(testCase.actual.constructor, testCase.expected);- }, testCase.description);- }-};-document.body.append(iframe);+test_onload(() => {+ const nodeFilter = new nodeFilterGlobalObject.Object;++ const walker = document.createTreeWalker(treeWalkerRoot, NodeFilter.SHOW_ELEMENT, nodeFilter);+ assert_throws_js(nodeFilterGlobalObject.TypeError, () => { walker.firstChild(); });+}, "NodeFilter is cross-realm plain object without 'acceptNode' property");++test_onload(() => {+ const nodeFilter = new nodeFilterGlobalObject.Object;+ 
nodeFilter.acceptNode = {};++ const walker = document.createTreeWalker(treeWalkerRoot, NodeFilter.SHOW_ELEMENT, nodeFilter);+ assert_throws_js(nodeFilterGlobalObject.TypeError, () => { walker.firstChild(); });+}, "NodeFilter is cross-realm plain object with non-callable 'acceptNode' property");++test_onload(() => {+ const { proxy, revoke } = Proxy.revocable(() => {}, {});+ revoke();++ const nodeFilter = new nodeFilterGlobalObject.Object;+ nodeFilter.acceptNode = proxy;++ const walker = document.createTreeWalker(treeWalkerRoot, NodeFilter.SHOW_ELEMENT, nodeFilter);+ assert_throws_js(nodeFilterGlobalObject.TypeError, () => { walker.firstChild(); });+}, "NodeFilter is cross-realm plain object with revoked Proxy as 'acceptNode' property");++test_onload(() => {+ const { proxy, revoke } = nodeFilterGlobalObject.Proxy.revocable({}, {});+ revoke();++ const walker = document.createTreeWalker(treeWalkerRoot, NodeFilter.SHOW_ELEMENT, proxy);+ assert_throws_js(nodeFilterGlobalObject.TypeError, () => { walker.firstChild(); });+}, "NodeFilter is cross-realm non-callable revoked Proxy");++test_onload(() => {+ const { proxy, revoke } = nodeFilterGlobalObject.Proxy.revocable(() => {}, {});+ revoke();++ const walker = document.createTreeWalker(treeWalkerRoot, NodeFilter.SHOW_ELEMENT, proxy);+ assert_throws_js(nodeFilterGlobalObject.TypeError, () => { walker.firstChild(); });+}, "NodeFilter is cross-realm callable revoked Proxy");++function test_onload(fn, desc) {+ async_test(t => { window.addEventListener("load", t.step_func_done(fn)); }, desc);+} </script>
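Review bot: in the third case ("revoked Proxy as 'acceptNode' property") the revoked proxy is created with the current realm's `Proxy.revocable`, and only the filter object comes from `new nodeFilterGlobalObject.Object`, yet the assertion still expects `nodeFilterGlobalObject.TypeError`. A short comment above that case saying the expected error realm is the one associated with the filter object, not the realm of its `acceptNode` value, would show that the mix of realms is deliberate. The same comment could note that `nodeFilterGlobalObject` and `treeWalkerRoot` are resolved through named access on the window, since neither is declared anywhere in the script.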
After analyzing the provided code diff, I don't see any clear security vulnerabilities being fixed. The changes appear to be:

1. For the rust/thiserror package, it's just a version update with checksum changes and some test file modifications. No security fixes are evident.
2. For the TreeWalker test file, the changes are test improvements and clarifications, not security fixes. The modifications include:
   - Updated test title and added meta charset
   - Restructured tests to use async_test pattern
   - Added more test cases for different scenarios
   - Improved error handling assertions

Vulnerability Existed: no
[No security vulnerability found] [third_party/rust/thiserror/.cargo-checksum.json] [File checksums and package version]
[Old checksums and version]
[New checksums and version]

Vulnerability Existed: no
[No security vulnerability found] [testing/web-platform/tests/dom/traversal/TreeWalker-acceptNode-filter-cross-realm.html] [Test improvements]
[Old test structure]
[New enhanced test structure]

The changes appear to be routine updates and test improvements rather than security fixes. No CVE or specific vulnerability is being addressed in these changes.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/text/2d.text.draw.fontface.worker.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/text/2d.text.draw.fontface.worker.js@@ -13,8 +13,8 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); var f = new FontFace("CanvasTest", "url('/fonts/CanvasTest.ttf')"); let fonts = (self.fonts ? self.fonts : document.fonts);@@ -26,10 +26,10 @@ ctx.fillRect(0, 0, 100, 50); ctx.fillStyle = '#0f0'; ctx.fillText('AA', 0, 50);- _assertPixelApprox(offscreenCanvas, 5,5, 0,255,0,255, "5,5", "0,255,0,255", 2);- _assertPixelApprox(offscreenCanvas, 95,5, 0,255,0,255, "95,5", "0,255,0,255", 2);- _assertPixelApprox(offscreenCanvas, 25,25, 0,255,0,255, "25,25", "0,255,0,255", 2);- _assertPixelApprox(offscreenCanvas, 75,25, 0,255,0,255, "75,25", "0,255,0,255", 2);+ _assertPixelApprox(canvas, 5,5, 0,255,0,255, "5,5", "0,255,0,255", 2);+ _assertPixelApprox(canvas, 95,5, 0,255,0,255, "95,5", "0,255,0,255", 2);+ _assertPixelApprox(canvas, 25,25, 0,255,0,255, "25,25", "0,255,0,255", 2);+ _assertPixelApprox(canvas, 75,25, 0,255,0,255, "75,25", "0,255,0,255", 2); }).then(t_pass, t_fail); });
After analyzing the provided code diff, I don't see any security vulnerabilities being fixed. The changes appear to be purely variable renaming from `offscreenCanvas` to `canvas` and corresponding updates to the variable references. Here's the analysis:

Vulnerability Existed: no
No security vulnerability found [File] [Lines 13-26]
[Old Code]
var offscreenCanvas = new OffscreenCanvas(100, 50);
var ctx = offscreenCanvas.getContext('2d');
...
_assertPixelApprox(offscreenCanvas, 5,5, 0,255,0,255, "5,5", "0,255,0,255", 2);
[etc.]
[Fixed Code]
var canvas = new OffscreenCanvas(100, 50);
var ctx = canvas.getContext('2d');
...
_assertPixelApprox(canvas, 5,5, 0,255,0,255, "5,5", "0,255,0,255", 2);
[etc.]

The changes are purely cosmetic/refactoring in nature and don't appear to address any security issues. The functionality remains exactly the same, just with a different variable name.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.pattern.paint.repeat.basic.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.pattern.paint.repeat.basic.html@@ -17,8 +17,8 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.fillStyle = '#f00'; ctx.fillRect(0, 0, 100, 50);@@ -36,10 +36,10 @@ var pattern = ctx.createPattern(bitmap, 'no-repeat'); ctx.fillStyle = pattern; ctx.fillRect(0, 0, 100, 50);- _assertPixel(offscreenCanvas, 1,1, 0,255,0,255, "1,1", "0,255,0,255");- _assertPixel(offscreenCanvas, 98,1, 0,255,0,255, "98,1", "0,255,0,255");- _assertPixel(offscreenCanvas, 1,48, 0,255,0,255, "1,48", "0,255,0,255");- _assertPixel(offscreenCanvas, 98,48, 0,255,0,255, "98,48", "0,255,0,255");+ _assertPixel(canvas, 1,1, 0,255,0,255, "1,1", "0,255,0,255");+ _assertPixel(canvas, 98,1, 0,255,0,255, "98,1", "0,255,0,255");+ _assertPixel(canvas, 1,48, 0,255,0,255, "1,48", "0,255,0,255");+ _assertPixel(canvas, 98,48, 0,255,0,255, "98,48", "0,255,0,255"); }, t_fail); }).then(t_pass, t_fail);
After analyzing the provided code diff, I don't see any security-related changes. The changes appear to be purely variable renaming and test assertions without any security implications. Here's the structured response:

Vulnerability Existed: no
No security vulnerability found
File: testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.pattern.paint.repeat.basic.html
Changes were limited to variable renaming (offscreenCanvas → canvas) and corresponding assertion updates

The changes made were:
1. Renamed variable `offscreenCanvas` to `canvas`
2. Updated all assertions to use the new variable name
3. No changes to the actual security-related functionality or patterns

These changes appear to be code style/readability improvements rather than security fixes.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.gradient.conic.positive.rotation.worker.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.gradient.conic.positive.rotation.worker.js@@ -13,8 +13,8 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); const g = ctx.createConicGradient(3*Math.PI/2, 50, 25); // It's red in the upper right region and green on the lower left region@@ -24,8 +24,8 @@ g.addColorStop(0.75, "#f00"); ctx.fillStyle = g; ctx.fillRect(0, 0, 100, 50);-_assertPixel(offscreenCanvas, 25,15, 255,0,0,255, "25,15", "255,0,0,255");-_assertPixel(offscreenCanvas, 75,40, 0,255,0,255, "75,40", "0,255,0,255");+_assertPixel(canvas, 25,15, 255,0,0,255, "25,15", "255,0,0,255");+_assertPixel(canvas, 75,40, 0,255,0,255, "75,40", "0,255,0,255"); t.done(); });
After analyzing the provided code diff, I don't see any security vulnerabilities being fixed. The changes appear to be purely variable renaming (from `offscreenCanvas` to `canvas`) and corresponding updates to the variable references. Here's the analysis:

1. Vulnerability Existed: no
   No security vulnerability found [File] [Lines 13-14, 24-25]
   [Old Code]
   var offscreenCanvas = new OffscreenCanvas(100, 50);
   var ctx = offscreenCanvas.getContext('2d');
   _assertPixel(offscreenCanvas, 25,15, 255,0,0,255, "25,15", "255,0,0,255");
   _assertPixel(offscreenCanvas, 75,40, 0,255,0,255, "75,40", "0,255,0,255");
   [Fixed Code]
   var canvas = new OffscreenCanvas(100, 50);
   var ctx = canvas.getContext('2d');
   _assertPixel(canvas, 25,15, 255,0,0,255, "25,15", "255,0,0,255");
   _assertPixel(canvas, 75,40, 0,255,0,255, "75,40", "0,255,0,255");

The changes are purely cosmetic/refactoring in nature and don't address any security issues. The functionality remains exactly the same, just with a different variable name.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/media/libwebp/src/dec/vp8i_dec.h+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/media/libwebp/src/dec/vp8i_dec.h@@ -32,7 +32,7 @@ // version numbers #define DEC_MAJ_VERSION 1 #define DEC_MIN_VERSION 2-#define DEC_REV_VERSION 1+#define DEC_REV_VERSION 2 // YUV-cache parameters. Cache is 32-bytes wide (= one cacheline). // Constraints are: We need to store one 16x16 block of luma samples (y),
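Review bot: the only visible change is `DEC_REV_VERSION` going from 1 to 2, so this header now reports decoder version 1.2.2 while the hunk itself carries no functional change. The commit message should name the upstream libwebp release being vendored, and the review should confirm that the rest of the vendored sources were updated in the same change, so that the version the decoder reports matches the code that actually ships.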
Based on the provided diff, I'll analyze it for security vulnerabilities:

1. Vulnerability Existed: not sure
   Version Update [File] media/libwebp/src/dec/vp8i_dec.h [Lines] 32-34
   [Old Code]
   #define DEC_MAJ_VERSION 1
   #define DEC_MIN_VERSION 2
   #define DEC_REV_VERSION 1
   [Fixed Code]
   #define DEC_MAJ_VERSION 1
   #define DEC_MIN_VERSION 2
   #define DEC_REV_VERSION 2

Additional Details:
- The diff only shows a version number update from 1.2.1 to 1.2.2
- Without more context about what changed between these versions, we cannot definitively say if this was a security fix
- Version updates often include security fixes, but they can also include non-security related improvements
- The file appears to be part of libwebp, which has had vulnerabilities in the past, but this specific change doesn't show any vulnerable code patterns
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/gfx/thebes/gfxMacFont.cpp+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/gfx/thebes/gfxMacFont.cpp@@ -375,8 +375,8 @@ } mSpaceGlyph = glyphID;- mMetrics.ideographicWidth = GetCharWidth(cmap, kWaterIdeograph, &glyphID,- cgConvFactor);+ mMetrics.ideographicWidth =+ GetCharWidth(cmap, kWaterIdeograph, &glyphID, cgConvFactor); if (glyphID == 0) { // Indicate "not found". mMetrics.ideographicWidth = -1.0;
Analyzing the provided code diff:

1. Vulnerability Existed: not sure
   [Code Style/Formatting Issue] [gfx/thebes/gfxMacFont.cpp] [Lines 375-378]
   [Old Code]
   mMetrics.ideographicWidth = GetCharWidth(cmap, kWaterIdeograph, &glyphID,
                                            cgConvFactor);
   [Fixed Code]
   mMetrics.ideographicWidth =
       GetCharWidth(cmap, kWaterIdeograph, &glyphID, cgConvFactor);

Additional Details:
- The change appears to be purely stylistic/formatting related, breaking a long line into two for better readability
- No obvious security vulnerability is being fixed here
- The functionality remains exactly the same, just with improved code formatting
- Without more context about the GetCharWidth function or surrounding code, I can't identify any security implications

Note: While this doesn't appear to fix a security vulnerability, it's worth noting that consistent code formatting can help prevent future bugs by making the code more readable and maintainable.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/third_party/rust/glean-core/src/internal_metrics.rs+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/third_party/rust/glean-core/src/internal_metrics.rs@@ -20,14 +20,6 @@ /// A count of the pings submitted, by ping type. pub pings_submitted: LabeledMetric<CounterMetric>,-- /// The number of times we encountered an invalid timezone offset- /// (outside of [-24, +24] hours).- ///- /// **Note**: This metric has an expiration date set.- /// However because it's statically defined here we can't specify that.- /// Needs to be removed after 2021-06-30.- pub invalid_timezone_offset: CounterMetric, } impl CoreMetrics {@@ -101,15 +93,6 @@ }), None, ),-- invalid_timezone_offset: CounterMetric::new(CommonMetricData {- name: "invalid_timezone_offset".into(),- category: "glean.time".into(),- send_in_pings: vec!["metrics".into()],- lifetime: Lifetime::Ping,- disabled: false,- dynamic_label: None,- }), } } }
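Review bot: `invalid_timezone_offset` is removed from both the `CoreMetrics` struct and its constructor, and the doc comment deleted in the first hunk is the only place the reason is recorded ("Needs to be removed after 2021-06-30"). Because the field was `pub`, the review should confirm that no remaining caller still records to it and that no metric definition still lists `invalid_timezone_offset` under `glean.time`. The expiry reason belongs in the commit message so that it survives the deletion of the comment.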
Here's the analysis following the specified format:

Vulnerability Existed: not sure
[Removal of Deprecated Metric] [third_party/rust/glean-core/src/internal_metrics.rs] [Lines 20-6, 101-15]
[Old Code]
```rust
/// The number of times we encountered an invalid timezone offset
/// (outside of [-24, +24] hours).
///
/// **Note**: This metric has an expiration date set.
/// However because it's statically defined here we can't specify that.
/// Needs to be removed after 2021-06-30.
pub invalid_timezone_offset: CounterMetric,
```
[Fixed Code]
```rust
// Metric removed entirely
```

Additional Details: The diff shows removal of a deprecated metric (`invalid_timezone_offset`) that was marked for removal after 2021-06-30. While this isn't a security vulnerability per se, it's a maintenance change to remove outdated code. There's no clear security vulnerability being fixed here, just cleanup of an expired metric. The removal aligns with the documented expiration date in the comments. No other vulnerabilities were identified in this diff.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/third_party/rust/neqo-http3/src/priority.rs+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/third_party/rust/neqo-http3/src/priority.rs@@ -1,4 +1,4 @@-use crate::{Error, HFrame, Header, Res};+use crate::{frames::HFrame, Error, Header, Res}; use neqo_transport::StreamId; use sfv::{BareItem, Item, ListEntry, Parser}; use std::convert::TryFrom;@@ -111,9 +111,9 @@ } }- pub fn priority(&self) -> Priority {+ /*pub fn priority(&self) -> Priority { self.priority- }+ }*/ /// Returns if an priority update will be issued pub fn maybe_update_priority(&mut self, priority: Priority) -> bool {
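Review bot: in the second hunk `pub fn priority(&self) -> Priority` is wrapped in `/* ... */` instead of being deleted. Commented-out code records no reason for its removal and drifts out of date as the surrounding type changes. Delete the getter outright, or, if it is still wanted in some builds, keep it compiled behind an attribute such as `#[cfg(test)]` or `#[allow(dead_code)]` with a one-line comment saying why.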
Let me analyze the provided code diff for security fixes:

1. Vulnerability Existed: not sure
   [Potential Information Exposure] [third_party/rust/neqo-http3/src/priority.rs] [Lines 111-113]
   [Old Code]
   pub fn priority(&self) -> Priority {
       self.priority
   }
   [Fixed Code]
   /*pub fn priority(&self) -> Priority {
       self.priority
   }*/

Additional Details:
- The change removes a public getter method for the priority field, which could be a defensive programming measure to prevent potential information exposure.
- Without more context about how this priority information is used, it's unclear if this was an actual security vulnerability or just a code cleanup.
- The change might be related to preventing unauthorized access to priority information, but we can't confirm this from the diff alone.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/third_party/rust/proc-macro2/src/detection.rs+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/third_party/rust/proc-macro2/src/detection.rs@@ -5,7 +5,7 @@ static INIT: Once = Once::new(); pub(crate) fn inside_proc_macro() -> bool {- match WORKS.load(Ordering::SeqCst) {+ match WORKS.load(Ordering::Relaxed) { 1 => return false, 2 => return true, _ => {}@@ -16,7 +16,7 @@ } pub(crate) fn force_fallback() {- WORKS.store(1, Ordering::SeqCst);+ WORKS.store(1, Ordering::Relaxed); } pub(crate) fn unforce_fallback() {@@ -26,7 +26,7 @@ #[cfg(not(no_is_available))] fn initialize() { let available = proc_macro::is_available();- WORKS.store(available as usize + 1, Ordering::SeqCst);+ WORKS.store(available as usize + 1, Ordering::Relaxed); } // Swap in a null panic hook to avoid printing "thread panicked" to stderr,@@ -65,7 +65,7 @@ panic::set_hook(null_hook); let works = panic::catch_unwind(proc_macro::Span::call_site).is_ok();- WORKS.store(works as usize + 1, Ordering::SeqCst);+ WORKS.store(works as usize + 1, Ordering::Relaxed); let hopefully_null_hook = panic::take_hook(); panic::set_hook(original_hook);
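Review bot: all four accesses to `WORKS` drop from `Ordering::SeqCst` to `Ordering::Relaxed` without a comment saying why the weaker ordering is sufficient. In the visible lines `WORKS` carries only its own value (1 maps to `false`, 2 to `true`, anything else falls through to initialisation) and no other data is published through it, so `Relaxed` is plausible. A one-line comment next to `static INIT: Once` stating that nothing depends on the ordering of `WORKS` relative to other memory would stop a later change from quietly relying on it.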
Analyzing the provided code diff, I'll examine each change for potential security vulnerabilities:

1. First change (Ordering::SeqCst to Ordering::Relaxed):
   Vulnerability Existed: not sure
   [Memory Ordering Change] [third_party/rust/proc-macro2/src/detection.rs] [Lines 5-7]
   [Old Code: match WORKS.load(Ordering::SeqCst)]
   [Fixed Code: match WORKS.load(Ordering::Relaxed)]

2. Second change (Ordering::SeqCst to Ordering::Relaxed):
   Vulnerability Existed: not sure
   [Memory Ordering Change] [third_party/rust/proc-macro2/src/detection.rs] [Lines 16-18]
   [Old Code: WORKS.store(1, Ordering::SeqCst)]
   [Fixed Code: WORKS.store(1, Ordering::Relaxed)]

3. Third change (Ordering::SeqCst to Ordering::Relaxed):
   Vulnerability Existed: not sure
   [Memory Ordering Change] [third_party/rust/proc-macro2/src/detection.rs] [Lines 26-28]
   [Old Code: WORKS.store(available as usize + 1, Ordering::SeqCst)]
   [Fixed Code: WORKS.store(available as usize + 1, Ordering::Relaxed)]

4. Fourth change (Ordering::SeqCst to Ordering::Relaxed):
   Vulnerability Existed: not sure
   [Memory Ordering Change] [third_party/rust/proc-macro2/src/detection.rs] [Lines 65-67]
   [Old Code: WORKS.store(works as usize + 1, Ordering::SeqCst)]
   [Fixed Code: WORKS.store(works as usize + 1, Ordering::Relaxed)]

The changes all involve switching from SeqCst (Sequentially Consistent) to Relaxed memory ordering in atomic operations. While this could potentially affect thread safety, I'm not certain if this constitutes a security vulnerability in this specific context. The Relaxed ordering provides fewer guarantees about operation ordering, but the impact would depend on how this code is used in the larger system. Without more context about the threading model and usage patterns, I can't definitively say whether this was fixing a vulnerability or just an optimization.