Bug#959805: libproxy1-plugin-mozjs: Passes invalid/corrupted strings to FindProxyForURL()

Jeremy Bicha jeremy at bicha.net
Tue May 5 23:35:28 BST 2020


On Tue, May 5, 2020 at 10:33 AM Simon McVittie <smcv at debian.org> wrote:
> However, this plugin has a popcon of 108 installations (compared with 27K
> for its webkit counterpart), wasn't shipped in buster, and I don't think
> we consider mozjs68 to be safe for use with untrusted content (although
> PAC is probably at least semi-trusted in any reasonable threat model);
> so perhaps it should just be removed instead?

Does anyone know if there is anything the mozjs plugin can do that the
webkit can't?

I'd prefer we only offer the webkit version.

Thanks,
Jeremy Bicha



More information about the pkg-gnome-maintainers mailing list