Use the system-wide media-libs/dav1d and media-libs/libaom library instead of bundled !!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occurĮnable support for the media-sound/sndio backend Use media-libs/openh264 for H264 support instead of downloading binary blob from Mozilla at runtimeĪdd support for profile-guided optimization for faster binariesthis option will double the compile timeĮnable support for remote desktop and screen cast using media-video/pipewire If you want to get meaningful backtraces see ĭisable EME (DRM plugin) capability at build timeĪllow Gecko Media Plugins (binary blobs) to be automatically downloaded and kept up-to-date in user profilesĪctivate default security enhancements for toolchain (gcc, glibc, binutils)įorce-enable hardware-accelerated rendering (Mozilla bug 594876)Īdd support for the JACK Audio Connection Kit 4.6 Windows decorations missing in Fluxbox since FF-91.3.0Įnable dbus support for anything that needs it (gpsd, gnomemeeting, etc)Įnable extra debug codepaths, like asserts and extra output.4.4 Screen tearing / stuttering smooth scrolling.4.3 Lack of sound (www-client/firefox-bin).
2.8 Disable enforced digital signatures verification in Firefox >=48.2.4 Bigger scrolling regions for Up/Down.Successful exploitation of these vulnerabilities could allow a remote attacker to bypass security restrictions, conduct spoofing attacks, execute arbitrary code, obtain sensitive information and cause denial of service attack on the targeted system. “These vulnerabilities exist in Mozilla products due to use-after-free in-text reflows and thread shutdown, time-of-check time-of-use bug when verifying add-on signatures, an error when controlling the contents of an iframe sandboxed with allow-popups but not allow-scripts, memory safety bugs within the browser engine, downloading of temporary files to /tmp and accessible by other local users, side-channel attacks on the text and browser window spoof using full screen mode,” CERT-In explained in the latest advisory.įurther explaining how hackers could exploit the security flaws, CERT-In said in an official statement, “A remote attacker could exploit these vulnerabilities by convincing a victim to visit a specially crafted link or web site. In addition, Mozilla Firefox ESR versions before 91.7 and Mozilla Firefox Thunderbird versions prior to 91.7 are also facing similar security vulnerabilities. The security agency revealed that all Mozilla Firefox versions before the latest Firefox 98 update are impacted by these security vulnerabilities. CERT-In highlighted that these vulnerabilities could be used by hackers to not only bypass security restrictions, but also conduct spoofing attacks, execute arbitrary code, and obtain sensitive details without users’ consent.
0 kommentar(er)
