Hello. firefox-41.0.2 was released with a security fix: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox41.0.2 https://www.mozilla.org/en-US/security/advisories/mfsa2015-115/ Please bump.
does this affect 38.x?
Technically, yes it might be, but not in a general case. Prior to firefox-39, the code supporting the "Fetch API" was reportedly in place but disabled, and needed to be manually enabled in about:config. As mozilla didn't feel the risk was worthy enough for a security patch to the 38 series, I think we are probably good to exclude it here as well.
@maintainers, I only see this as being applied to 41.0.2 and not backported. Per previous comments I think we can move on here. Any objections?
(In reply to Aaron Bauman from comment #3) > @maintainers, I only see this as being applied to 41.0.2 and not backported. > Per previous comments I think we can move on here. Any objections? No need to backport, all versions prior to firefox-39 (ie, 38.x ESR and earlier) are unaffected. Yes, please continue.
Added to existing GLSA.
This issue was resolved and addressed in GLSA 201605-06 at https://security.gentoo.org/glsa/201605-06 by GLSA coordinator Yury German (BlueKnight).