130
edits
Security/Firefox/Security Bug Life Cycle/Security Advisories: Difference between revisions
Jump to navigation
Jump to search
Security/Firefox/Security Bug Life Cycle/Security Advisories (view source)
Revision as of 16:22, 8 December 2022
, 8 December 2022no edit summary
No edit summary |
|||
| Line 15: | Line 15: | ||
* Internally found memory corruption issues, usually found by developers or members of the fuzzing team, are included in a “roll-up” advisory that is a list of internally found and fixed issues affecting the previous release that were reported by employees or longtime community members. This roll up does not get a detailed advisory but is simply a list of internally found issues. | * Internally found memory corruption issues, usually found by developers or members of the fuzzing team, are included in a “roll-up” advisory that is a list of internally found and fixed issues affecting the previous release that were reported by employees or longtime community members. This roll up does not get a detailed advisory but is simply a list of internally found issues. | ||
* Externally reported security bugs with security ratings always receive an advisory outside of the above parameters if they affected a shipped Firefox release. | * Externally reported security bugs with security ratings always receive an advisory outside of the above parameters if they affected a shipped Firefox release. | ||
* Internally-found vulnerabilities that are not simple memory corruption usually get a separate advisory and don't go in the | * ASAN Nightly bugs go into the roll-up advisory. | ||
* Internally-found vulnerabilities that are not simple memory corruption usually get a separate advisory and don't go in the roll-up | |||
* Vulnerabilities that only existed in Nightly or Beta versions do not need an advisory. | * Vulnerabilities that only existed in Nightly or Beta versions do not need an advisory. | ||