Date:      Wed, 8 May 2002 20:58:19 -0400 (EDT)
From:      Trevor Johnson <trevor@jpj.net>
To:        Chris Faulhaber <jedgar@fxp.org>
Cc:        security-officer@freebsd.org, <gnome@freebsd.org>
Subject:   Re: FYI:  more Mozilla security bugs
Message-ID:  <20020508205233.V29451-100000@blues.jpj.net>
In-Reply-To: <20020509002045.GA34336@peitho.fxp.org>

Chris Faulhaber wrote:

> On Wed, May 08, 2002 at 08:06:52PM -0400, Trevor Johnson wrote:
> > trevor      2002/05/08 17:03:03 PDT
> >
> >   Modified files:
> >     www/linux-mozilla    Makefile distinfo
> >     www/linux-mozilla/scripts configure
> >   Log:
> >   Update to a nightly build.  Using the GreyMagic Mozilla Disk Explorer
> >   and c't Browsercheck, I am no longer able to activate bug #141061
> >   ("XMLHttpRequest allows reading of local files").
> >
> >   In message <52D05AEFB0D95C4BAD179A054A54CDEB1BD37A@mailsrv1.jubii.dk>
> >   on Bugtraq, Thor Larholm described a buffer overflow in Chatzilla.
> >   I confirmed the bug with this version of Mozilla/Chatzilla.  Therefore
> >   the chatzilla component is now omitted from batch builds and defaults
> >   to being omitted from interactive ones too (XFree86 did crash
> >   once--perhaps taken down by Mozilla--when I was viewing Thor's
> >   demonstration page for the bug, but a second visit was uneventful).
> >   I added a warning in capitals for interactive users.  I was unable
> >   to reproduce the other bug reported by Thor in the same message.
> >
>
> Thanks for the heads up, I have added this to the upcoming
> Security Notice.  Do these affect the native FreeBSD build
> also?

I did not test the native Mozilla, since I do not have it installed.  For
someone who does, testing is easy:  just go to Thor's demonstration pages
at http://jscript.dk/2002/4/moz1rc1tests/ircbufferoverrun.html and
http://jscript.dk/2002/4/NS6Tests/LinkLocalFileDetect.asp (for the latter,
you will want to try some POSIX filenames). These pages are mentioned in
his message, which I forwarded to you.  I also made a non-javascript
demonstration page for the chatzilla bug, at
http://jpj.net/~trevor/evil.html .  Please do not publicize it.
-- 
Trevor Johnson

