Subject: Re: FYI: more Mozilla security bugs
From: Joe Marcus Clarke
To: Trevor Johnson
Cc: Chris Faulhaber, security-officer@FreeBSD.ORG, gnome@FreeBSD.ORG
In-Reply-To: <20020508205233.V29451-100000@blues.jpj.net>
References: <20020508205233.V29451-100000@blues.jpj.net>
Date: 08 May 2002 21:13:43 -0400
Message-Id: <1020906823.57890.17.camel@shumai.marcuscom.com>

On Wed, 2002-05-08 at 21:58, Trevor Johnson wrote:
> Chris Faulhaber wrote:
>
> > On Wed, May 08, 2002 at 08:06:52PM -0400, Trevor Johnson wrote:
> > > trevor 2002/05/08 17:03:03 PDT
> > >
> > > Modified files:
> > >   www/linux-mozilla Makefile distinfo
> > >   www/linux-mozilla/scripts configure
> > > Log:
> > > Update to a nightly build. Using the GreyMagic Mozilla Disk Explorer
> > > and c't Browsercheck, I am no longer able to activate bug #141061
> > > ("XMLHttpRequest allows reading of local files").
> > >
> > > In message <52D05AEFB0D95C4BAD179A054A54CDEB1BD37A@mailsrv1.jubii.dk>
> > > on Bugtraq, Thor Larholm described a buffer overflow in Chatzilla.
> > > I confirmed the bug with this version of Mozilla/Chatzilla. Therefore
> > > the chatzilla component is now omitted from batch builds and defaults
> > > to being omitted from interactive ones too (XFree86 did crash
> > > once--perhaps taken down by Mozilla--when I was viewing Thor's
> > > demonstration page for the bug, but a second visit was uneventful).
> > > I added a warning in capitals for interactive users. I was unable
> > > to reproduce the other bug reported by Thor in the same message.
> > >
> >
> > Thanks for the heads up, I have added this to the upcoming
> > Security Notice. Do these affect the native FreeBSD build
> > also?
>
> I did not test the native Mozilla, since I do not have it installed. For
> someone who does, testing is easy: just go to Thor's demonstration pages
> at http://jscript.dk/2002/4/moz1rc1tests/ircbufferoverrun.html and
> http://jscript.dk/2002/4/NS6Tests/LinkLocalFileDetect.asp (for the latter,
> you will want to try some POSIX filenames). These pages are mentioned in
> his message, which I forwarded to you. I also made a non-javascript
> demonstration page for the chatzilla bug, at
> http://jpj.net/~trevor/evil.html . Please do not publicize it.

I just tested Mozilla 1.0.rc1_1,1 in the ports tree, and it is
vulnerable to the Chatzilla problem. I will disable Chatzilla. Thanks,
Trevor, for the link.

Joe

> --
> Trevor Johnson

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-gnome" in the body of the message