From owner-freebsd-gnome Wed May 8 17:48:59 2002
Subject: Re: FYI: more Mozilla security bugs
From: Joe Marcus Clarke
To: Chris Faulhaber
Cc: Trevor Johnson, security-officer@FreeBSD.ORG, gnome@FreeBSD.ORG
In-Reply-To: <20020509002045.GA34336@peitho.fxp.org>
References: <20020508200506.X28748-100000@blues.jpj.net> <20020509002045.GA34336@peitho.fxp.org>
Date: 08 May 2002 20:48:43 -0400
Message-Id: <1020905324.57890.1.camel@shumai.marcuscom.com>

On Wed, 2002-05-08 at 21:20, Chris Faulhaber wrote:
> On Wed, May 08, 2002 at 08:06:52PM -0400, Trevor Johnson wrote:
> > trevor 2002/05/08 17:03:03 PDT
> >
> > Modified files:
> > www/linux-mozilla Makefile distinfo
> > www/linux-mozilla/scripts configure
> > Log:
> > Update to a nightly build. Using the GreyMagic Mozilla Disk Explorer
> > and c't Browsercheck, I am no longer able to activate bug #141061
> > ("XMLHttpRequest allows reading of local files").
> >
> > In message <52D05AEFB0D95C4BAD179A054A54CDEB1BD37A@mailsrv1.jubii.dk>
> > on Bugtraq, Thor Larholm described a buffer overflow in Chatzilla.
> > I confirmed the bug with this version of Mozilla/Chatzilla. Therefore
> > the chatzilla component is now omitted from batch builds and defaults
> > to being omitted from interactive ones too (XFree86 did crash
> > once--perhaps taken down by Mozilla--when I was viewing Thor's
> > demonstration page for the bug, but a second visit was uneventful).
> > I added a warning in capitals for interactive users. I was unable
> > to reproduce the other bug reported by Thor in the same message.
> >
>
> Thanks for the heads up, I have added this to the upcoming
> Security Notice. Do these affect the native FreeBSD build
> also?

I've fixed the native build for this bug, and the resulting SEGV problem
from the initial patch. Not sure if this chat bug is something else we
should be worried about for the native build, though.

Joe

>
> --
> Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
> --------------------------------------------------------
> FreeBSD: The Power To Serve - http://www.FreeBSD.org