关键信息 漏洞编号: CVE-2021-4127 漏洞标题: Angle Security Backports for ESR-78 状态: Closed 优先级: P3 严重性: S3 类型: defect 产品: Core 组件: Graphics 报告人: Tom Ritter [tjr] 分配给: jgilbert 关键讨论点 漏洞统计: Review of 4453 commits found issues like crashes, restricted bugs, ASAN, TSAN, overflows, etc. 更新状态: ANGLE has been updated to version 87 nightly in bug 1690349. 安全考量: There are options like backporting obvious stuff, full library update, moving ESR off of ANGLE, evaluating ANGLE’s commit log. ESR决策: Discussed whether to leave 86 alone or update ANGLE wholesale, ultimately opting for a full update due to security implications even though there are risks and it could break some sites. 测试问题: Hit by Pwn2Own. 补丁和文件 附件: : List of commits reviewed for potential security issues. 补丁: Several patches related to ANGLE and security backports, including specific updates for Firefox versions 87/86, and ESR 78.