Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 8 May 2002 20:20:45 -0400
From:      Chris Faulhaber <jedgar@fxp.org>
To:        Trevor Johnson <trevor@jpj.net>
Cc:        security-officer@freebsd.org, gnome@freebsd.org
Subject:   Re: FYI:  more Mozilla security bugs
Message-ID:  <20020509002045.GA34336@peitho.fxp.org>
In-Reply-To: <20020508200506.X28748-100000@blues.jpj.net>
References:  <20020508200506.X28748-100000@blues.jpj.net>
next in thread | previous in thread | raw e-mail | index | archive | help 

--lrZ03NoBR/3+SXJZ
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, May 08, 2002 at 08:06:52PM -0400, Trevor Johnson wrote:
> trevor      2002/05/08 17:03:03 PDT
>=20
>   Modified files:
>     www/linux-mozilla    Makefile distinfo
>     www/linux-mozilla/scripts configure
>   Log:
>   Update to a nightly build.  Using the GreyMagic Mozilla Disk Explorer
>   and c't Browsercheck, I am no longer able to activate bug #141061
>   ("XMLHttpRequest allows reading of local files").
>=20
>   In message <52D05AEFB0D95C4BAD179A054A54CDEB1BD37A@mailsrv1.jubii.dk>
>   on Bugtraq, Thor Larholm described a buffer overflow in Chatzilla.
>   I confirmed the bug with this version of Mozilla/Chatzilla.  Therefore
>   the chatzilla component is now omitted from batch builds and defaults
>   to being omitted from interactive ones too (XFree86 did crash
>   once--perhaps taken down by Mozilla--when I was viewing Thor's
>   demonstration page for the bug, but a second visit was uneventful).
>   I added a warning in capitals for interactive users.  I was unable
>   to reproduce the other bug reported by Thor in the same message.
>=20

Thanks for the heads up, I have added this to the upcoming
Security Notice.  Do these affect the native FreeBSD build
also?

--=20
Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve   -   http://www.FreeBSD.org

--lrZ03NoBR/3+SXJZ
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (FreeBSD)
Comment: FreeBSD: The Power To Serve

iD8DBQE82cDdObaG4P6BelARAjNcAKCgv0ipwy4CIeOyAEaYtO5IKPJ7PwCeNBPD
D8+lI7NbKi2O1rA4oDW7O/E=
=j7CT
-----END PGP SIGNATURE-----

--lrZ03NoBR/3+SXJZ--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-gnome" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020509002045.GA34336>