From owner-freebsd-gnome Wed May 8 17:58:34 2002
Delivered-To: freebsd-gnome@freebsd.org
Received: from blues.jpj.net (blues.jpj.net [204.97.17.6])
    by hub.freebsd.org (Postfix) with ESMTP id 8060037B422;
    Wed, 8 May 2002 17:58:22 -0700 (PDT)
Received: from localhost (trevor@localhost)
    by blues.jpj.net (8.11.6/8.11.6) with ESMTP id g490wJM01003;
    Wed, 8 May 2002 20:58:19 -0400 (EDT)
Date: Wed, 8 May 2002 20:58:19 -0400 (EDT)
From: Trevor Johnson
To: Chris Faulhaber
Cc: security-officer@freebsd.org,
Subject: Re: FYI: more Mozilla security bugs
In-Reply-To: <20020509002045.GA34336@peitho.fxp.org>
Message-ID: <20020508205233.V29451-100000@blues.jpj.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-gnome@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Chris Faulhaber wrote:

> On Wed, May 08, 2002 at 08:06:52PM -0400, Trevor Johnson wrote:
> > trevor 2002/05/08 17:03:03 PDT
> >
> >   Modified files:
> >     www/linux-mozilla Makefile distinfo
> >     www/linux-mozilla/scripts configure
> >   Log:
> >   Update to a nightly build. Using the GreyMagic Mozilla Disk Explorer
> >   and c't Browsercheck, I am no longer able to activate bug #141061
> >   ("XMLHttpRequest allows reading of local files").
> >
> >   In message <52D05AEFB0D95C4BAD179A054A54CDEB1BD37A@mailsrv1.jubii.dk>
> >   on Bugtraq, Thor Larholm described a buffer overflow in Chatzilla.
> >   I confirmed the bug with this version of Mozilla/Chatzilla. Therefore
> >   the chatzilla component is now omitted from batch builds and defaults
> >   to being omitted from interactive ones too (XFree86 did crash
> >   once--perhaps taken down by Mozilla--when I was viewing Thor's
> >   demonstration page for the bug, but a second visit was uneventful).
> >   I added a warning in capitals for interactive users. I was unable
> >   to reproduce the other bug reported by Thor in the same message.
> >
>
> Thanks for the heads up, I have added this to the upcoming
> Security Notice. Do these affect the native FreeBSD build
> also?

I did not test the native Mozilla, since I do not have it installed.
For someone who does, testing is easy: just go to Thor's demonstration
pages at http://jscript.dk/2002/4/moz1rc1tests/ircbufferoverrun.html and
http://jscript.dk/2002/4/NS6Tests/LinkLocalFileDetect.asp (for the
latter, you will want to try some POSIX filenames). These pages are
mentioned in his message, which I forwarded to you. I also made a
non-javascript demonstration page for the chatzilla bug, at
http://jpj.net/~trevor/evil.html . Please do not publicize it.
-- 
Trevor Johnson