Prioritise app updates if a compatible architecture is found

  • /e/ version: 0.9-o-2020051454222-dev
  • Device model: star2lte
  • When it started to occur: see text
  • Reproducible with the last /e/ version: unknown
  • Reproducible with LineageOS: no

Summary

It seems that once an architecture is installed, the Apps client will only look for updates of that same architecture, e.g. arm8. If a new version then comes out for a few days or weeks (?) with arm7 support only, which also works on that device, the client should prioritise getting the newer version over keeping the same-architecture APK.

Original ticket:

It looks like Firefox in the /e/ apps store is outdated again.

The current version downloadable in the store is 68.8.1 (updated on 2020-05-20).

The most recent version from Mozilla is: 68.9.0 (released 2020-06-02)

The version in Google Play is: 68.9.0 (available in the Play Store since 2020-06-02)

The version available from APKpure is: 68.9.0 (available since 2020-06-09)

So the following security issues are open for /e/ users who downloaded and use Firefox 68.8.1 from the /e/ apps store:

#CVE-2020-12399: Timing attack on DSA signatures in NSS library

Reporter: Cesar Pereida Garcia and the Network and Information Security Group (NISEC) at Tampere University

Impact: high

Description

NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys.

References

Bug 1631576

#CVE-2020-12405: Use-after-free in SharedWorkerService

Reporter: Marcin ‘Icewall’ Noga of Cisco Talos

Impact: high

Description

When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash.

References

Bug 1631618

#CVE-2020-12406: JavaScript Type confusion with NativeTypes

Reporter: Iain Ireland

Impact: high

Description

Mozilla developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code.

References

Bug 1639590

#CVE-2020-12410: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9

Reporter: Mozilla developers

Impact: high

Description

Mozilla developers Tom Tung and Karl Tomlinson reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References

Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9

(Source: https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/ )

  • The device is unusable
  • The bug is the source of a data loss or a big waste of time
  • The bug concerns a third-party application
  • The bug concerns security
  • The bug concerns privacy

The problem

Steps to reproduce

Open /e/ apps store, search for Firefox, version 68.8.1 is presented.

What is the current behavior?

Outdated version available (68.8.1)

What is the expected correct behavior?

Latest version available (68.9.0)

Technical information

Relevant logs (adb logcat)

Relevant screenshots

Solutions

Workaround

--

Possible fixes

Edited by Arnau Vàzquez
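
The selection rule requested in the summary, shown next to the same-architecture-only behaviour the ticket describes. This is an added example, not the Apps client's code. It assumes dotted numeric version names, uses the Android ABI names `arm64-v8a` and `armeabi-v7a` for the ticket's "arm8" and "arm7", and runs on a constructed catalogue.

```python
# Added illustration: constructed data, not the /e/ Apps client's code.
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Apk:
    version: str  # dotted numeric version name, e.g. "68.9.0" (assumption)
    abi: str      # Android ABI name, e.g. "arm64-v8a"


def version_key(version: str) -> Tuple[int, ...]:
    """Turn "68.9.0" into (68, 9, 0) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def newer(apk: Apk, installed: Apk) -> bool:
    return version_key(apk.version) > version_key(installed.version)


def pick_same_abi_only(installed: Apk, catalogue: List[Apk]) -> Optional[Apk]:
    """Behaviour the ticket describes: only the installed ABI is considered."""
    hits = [a for a in catalogue if a.abi == installed.abi and newer(a, installed)]
    return max(hits, key=lambda a: version_key(a.version), default=None)


def pick_update(installed: Apk, catalogue: List[Apk],
                device_abis: List[str]) -> Optional[Apk]:
    """Behaviour the ticket asks for: newest runnable build wins, and ABI
    preference only breaks ties. device_abis is ordered most-preferred first,
    as Android's Build.SUPPORTED_ABIS is."""
    rank = {abi: i for i, abi in enumerate(device_abis)}
    hits = [a for a in catalogue if a.abi in rank and newer(a, installed)]
    return max(hits, key=lambda a: (version_key(a.version), -rank[a.abi]),
               default=None)


# Constructed sample: the fixed release exists only as a 32-bit ARM build so far.
DEVICE_ABIS = ["arm64-v8a", "armeabi-v7a", "armeabi"]
INSTALLED = Apk("68.8.1", "arm64-v8a")
CATALOGUE = [Apk("68.8.1", "arm64-v8a"), Apk("68.9.0", "armeabi-v7a"),
             Apk("68.9.0", "x86")]

if __name__ == "__main__":
    print("same-ABI only  :", pick_same_abi_only(INSTALLED, CATALOGUE))
    print("newest runnable:", pick_update(INSTALLED, CATALOGUE, DEVICE_ABIS))
```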