Prioritise app updates if a compatible architecture is found
- /e/ version: 0.9-o-2020051454222-dev
- Device model: star2lte
- When it started to occur: see text
- Reproducible with the last /e/ version: unknown
- Reproducible with LineageOS: no
Summary
It seems once an architecture is installed, the Apps client will only look for updates of that same architecture, e.g. arm8. If then a new version comes out for a few days or weeks (?) only with arm7 support, which also works on that device, then the client should prioritise getting the newer version over having the same architecture apk.
Original ticket:
It looks like Firefox in the /e/ apps store is outdated again.
The current version downloadable in the store is 68.8.1 (updated on 2020-05-20).
The most recent version from Mozilla is: 68.9.0 (released 2020-06-02)
The version in Google Play is: 68.9.0 (available in the Play Store since 2020-06-02)
The version available from APKpure is: 68.9.0 (available since 2020-06-09)
So the following security issues are open for /e/ users who downloaded and use Firefox 68.8.1 from the /e/ apps store:
CVE-2020-12399: Timing attack on DSA signatures in NSS library
Reporter: Cesar Pereida Garcia and the Network and Information Security Group (NISEC) at Tampere University
Impact: high
Description: NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys.
References: Bug 1631576
CVE-2020-12405: Use-after-free in SharedWorkerService
Reporter: Marcin ‘Icewall’ Noga of Cisco Talos
Impact: high
Description: When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash.
References: Bug 1631618
CVE-2020-12406: JavaScript Type confusion with NativeTypes
Reporter: Iain Ireland
Impact: high
Description: Mozilla developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code.
References: Bug 1639590
CVE-2020-12410: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9
Reporter: Mozilla developers
Impact: high
Description: Mozilla developers Tom Tung and Karl Tomlinson reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
References: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9
(Source: https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/ )
- The device is unusable
- The bug is the source of a data loss or a big waste of time
- The bug concerns a third-party application
- The bug concerns security
- The bug concerns privacy
The problem
Steps to reproduce
Open /e/ apps store, search for Firefox, version 68.8.1 is presented.
What is the current behavior?
Outdated version available (68.8.1)
What is the expected correct behavior?
Latest version available (68.9.0)
Technical information
Relevant logs (adb logcat)
Relevant screenshots
Solutions
Workaround
--
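
The selection rule the summary asks for, next to the same-architecture-only behaviour it describes, as an added example that is not the /e/ Apps client's code. The `Apk` record, the function names and the sample catalogue are constructed for illustration; the ABI names are Android's (`arm64-v8a` for what the ticket calls arm8, `armeabi-v7a` for arm7).

```python
from dataclasses import dataclass
from typing import Optional, Sequence


@dataclass(frozen=True)
class Apk:
    version: str  # dotted version string, e.g. "68.9.0"
    abi: str      # Android ABI name the APK was built for


def version_key(version: str) -> tuple:
    """Turn '68.9.0' into (68, 9, 0) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def pick_same_abi_only(installed: Apk, catalogue: Sequence[Apk]) -> Optional[Apk]:
    """Behaviour described in the ticket: only the installed ABI is considered."""
    newer = [a for a in catalogue
             if a.abi == installed.abi
             and version_key(a.version) > version_key(installed.version)]
    return max(newer, key=lambda a: version_key(a.version), default=None)


def pick_newest_compatible(installed: Apk, catalogue: Sequence[Apk],
                           device_abis: Sequence[str]) -> Optional[Apk]:
    """Requested behaviour: the newest version wins across every ABI the device
    can run; ABI preference (order of device_abis, most preferred first) only
    breaks ties between builds of the same version."""
    rank = {abi: i for i, abi in enumerate(device_abis)}
    newer = [a for a in catalogue
             if a.abi in rank
             and version_key(a.version) > version_key(installed.version)]
    return max(newer, key=lambda a: (version_key(a.version), -rank[a.abi]),
               default=None)


# Constructed sample: a 64-bit ARM device with the 68.8.1 arm64 build installed,
# and a store catalogue where 68.9.0 exists only for ABIs other than arm64.
DEVICE_ABIS = ["arm64-v8a", "armeabi-v7a", "armeabi"]
INSTALLED = Apk("68.8.1", "arm64-v8a")
CATALOGUE = [
    Apk("68.8.1", "arm64-v8a"),
    Apk("68.9.0", "armeabi-v7a"),
    Apk("68.9.0", "x86"),  # not runnable on this device, must be ignored
]

if __name__ == "__main__":
    print("same ABI only:    ", pick_same_abi_only(INSTALLED, CATALOGUE))
    print("newest compatible:", pick_newest_compatible(INSTALLED, CATALOGUE, DEVICE_ABIS))
```

Android will only install the chosen APK over the existing one if it is signed with the same certificate and its versionCode is not lower, so a client applying this rule still has to pass those checks.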