Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 255221 (CVE-2008-5822) - <net-libs/xulrunner-1.9.0.8: DoS (CVE-2008-5822)
Summary: <net-libs/xulrunner-1.9.0.8: DoS (CVE-2008-5822)
Status: RESOLVED FIXED
Alias: CVE-2008-5822
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
URL: http://www.packetstormsecurity.org/08...
Whiteboard: B3 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2009-01-16 23:34 UTC by Stefan Behte (RETIRED)
Modified: 2013-01-08 01:02 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Behte (RETIRED) gentoo-dev Security 2009-01-16 23:34:12 UTC
CVE-2008-5822 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5822):
  Memory leak in Libxul, as used in Mozilla Firefox 3.0.5 and other
  products, allows remote attackers to cause a denial of service
  (memory consumption and browser hang) via a long CLASS attribute in
  an HR element in an HTML document.
Comment 1 Pierre-Yves Rofes (RETIRED) gentoo-dev 2009-04-18 11:48:10 UTC
Any news here? we have xulrunner-1.9.0.8 stable, but what about xulrunner-bin? It's needed for the big Mozilla GLSA...
Comment 2 Jory A. Pratt gentoo-dev 2010-09-16 13:04:53 UTC
mozilla has nothing to do here, xulrunner-bin has been removed from tree.
Comment 3 Sean Amoss (RETIRED) gentoo-dev Security 2012-03-09 18:07:18 UTC
Already on the existing Mozilla GLSA draft.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2013-01-08 01:02:53 UTC
This issue was resolved and addressed in
 GLSA 201301-01 at http://security.gentoo.org/glsa/glsa-201301-01.xml
by GLSA coordinator Sean Amoss (ackle).