Date: Wed, 8 May 2002 20:20:45 -0400
From: Chris Faulhaber
To: Trevor Johnson
Cc: security-officer@freebsd.org, gnome@freebsd.org
Subject: Re: FYI: more Mozilla security bugs
Message-ID: <20020509002045.GA34336@peitho.fxp.org>

On Wed, May 08, 2002 at 08:06:52PM -0400, Trevor Johnson wrote:
> trevor 2002/05/08 17:03:03 PDT
>
> Modified files:
>   www/linux-mozilla Makefile distinfo
>   www/linux-mozilla/scripts configure
> Log:
> Update to a nightly build. Using the GreyMagic Mozilla Disk Explorer
> and c't Browsercheck, I am no longer able to activate bug #141061
> ("XMLHttpRequest allows reading of local files").
>
> In message <52D05AEFB0D95C4BAD179A054A54CDEB1BD37A@mailsrv1.jubii.dk>
> on Bugtraq, Thor Larholm described a buffer overflow in Chatzilla.
> I confirmed the bug with this version of Mozilla/Chatzilla. Therefore
> the chatzilla component is now omitted from batch builds and defaults
> to being omitted from interactive ones too (XFree86 did crash
> once--perhaps taken down by Mozilla--when I was viewing Thor's
> demonstration page for the bug, but a second visit was uneventful).
> I added a warning in capitals for interactive users. I was unable
> to reproduce the other bug reported by Thor in the same message.
>

Thanks for the heads up, I have added this to the upcoming Security
Notice. Do these affect the native FreeBSD build also?

-- 
Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve - http://www.FreeBSD.org