List of known security problems with old SpiderMonkey code base?

[petterreinholdtsen]

Is there a list of known security issues with the embedded SpiderMonkey code base used by ooline, ref https://github.com/OoliteProject/spidermonkey-ff4/ ? It seem to have been untouched for 8-12 years. I have been able to locate
https://security-tracker.debian.org/tracker/CVE-2019-11750 myself, but am unsure if there are others.

[AnotherCommander]

I am not aware of any such list.

I am not sure if this would sufficiently cover your inquiry about security, but there is an old discussion from the time just before adopting the SpiderMonkey FF4 version we use now. Check out the posts by Jens and make sure to not miss the later ones too. The measures taken to minimize risks are also discussed (white listing of executable methods etc.).

Link to discussion: https://bugzilla.redhat.com/show_bug.cgi?id=459211

[petterreinholdtsen]

[AnotherCommander]

I am not aware of any such list.

OK. I take this to mean no structured security tracking has taken place with the embedded copy in the last 8-12 years, then. :)

I am not sure if this would sufficiently cover your inquiry about security, but there is an old discussion from the time just before adopting the SpiderMonkey FF4 version we use now. Check out the posts by Jens and make sure to not miss the later ones too. The measures taken to minimize risks are also discussed (white listing of executable methods etc.). Link to discussion: https://bugzilla.redhat.com/show_bug.cgi?id=459211

Thank you. Quite useful reading. :)

…

-- Happy yhacking Petter Reinholdtsen