Date:      08 May 2002 20:48:43 -0400
From:      Joe Marcus Clarke <marcus@marcuscom.com>
To:        Chris Faulhaber <jedgar@fxp.org>
Cc:        Trevor Johnson <trevor@jpj.net>, security-officer@FreeBSD.ORG, gnome@FreeBSD.ORG
Subject:   Re: FYI:  more Mozilla security bugs
Message-ID:  <1020905324.57890.1.camel@shumai.marcuscom.com>
In-Reply-To: <20020509002045.GA34336@peitho.fxp.org>
References:  <20020508200506.X28748-100000@blues.jpj.net>  <20020509002045.GA34336@peitho.fxp.org>


On Wed, 2002-05-08 at 21:20, Chris Faulhaber wrote:
> On Wed, May 08, 2002 at 08:06:52PM -0400, Trevor Johnson wrote:
> > trevor      2002/05/08 17:03:03 PDT
> >
> >   Modified files:
> >     www/linux-mozilla    Makefile distinfo
> >     www/linux-mozilla/scripts configure
> >   Log:
> >   Update to a nightly build.  Using the GreyMagic Mozilla Disk Explorer
> >   and c't Browsercheck, I am no longer able to activate bug #141061
> >   ("XMLHttpRequest allows reading of local files").
> >
> >   In message <52D05AEFB0D95C4BAD179A054A54CDEB1BD37A@mailsrv1.jubii.dk>
> >   on Bugtraq, Thor Larholm described a buffer overflow in Chatzilla.
> >   I confirmed the bug with this version of Mozilla/Chatzilla.  Therefore
> >   the chatzilla component is now omitted from batch builds and defaults
> >   to being omitted from interactive ones too (XFree86 did crash
> >   once--perhaps taken down by Mozilla--when I was viewing Thor's
> >   demonstration page for the bug, but a second visit was uneventful).
> >   I added a warning in capitals for interactive users.  I was unable
> >   to reproduce the other bug reported by Thor in the same message.
> >
>
> Thanks for the heads up, I have added this to the upcoming
> Security Notice.  Do these affect the native FreeBSD build
> also?

I've fixed the native build for this bug, and the resulting SEGV problem
from the initial patch.  Not sure if this chat bug is something else we
should be worried about for the native build, though.

Joe

>
> --
> Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
> --------------------------------------------------------
> FreeBSD: The Power To Serve   -   http://www.FreeBSD.org



