Bug 70749 - net-www/mozilla-*: filename spoof + local images infoleak
Summary: net-www/mozilla-*: filename spoof + local images infoleak
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All All
Importance: High minor
Assignee: Gentoo Security
URL: http://secunia.com/advisories/13144/
Whiteboard: A4 [noglsa] koon
Keywords:
Depends on:
Blocks:
 
Reported: 2004-11-10 23:57 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2005-01-05 01:12 UTC

See Also:
Package list:
Runtime testing required: ---


Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-11-10 23:57:33 UTC
See link for all details. 

Mozilla Bugzilla references are:

https://bugzilla.mozilla.org/show_bug.cgi?id=69070
https://bugzilla.mozilla.org/show_bug.cgi?id=234416
https://bugzilla.mozilla.org/show_bug.cgi?id=261527
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-11-11 00:00:10 UTC
Mozilla please review and advise.
Comment 2 Aron Griffis (RETIRED) gentoo-dev 2004-11-14 17:46:01 UTC
Personally I'm not interested in trying to handle mozilla/firefox/thunderbird security bugs before they're handled upstream, where they can determine properly whether a problem is severe and whether a fix is really ready for release.

Sune, you filed the bug, how about telling us why we should care about these before mozilla.org does something about them?
Comment 3 Thierry Carrez (RETIRED) gentoo-dev 2004-11-23 07:58:06 UTC
Firefox is fixed in version 1.0, according to http://www.squarefree.com/burningedge/releases/1.0.html
Comment 4 Thierry Carrez (RETIRED) gentoo-dev 2004-11-30 04:48:04 UTC
Note that https://bugzilla.mozilla.org/show_bug.cgi?id=261527 is MacOSX only.

Mozilla 1.7.5 is planned for mid-December, we'll wait for the versions to be at the same level of security to issue a GLSA. Thunderbird is probably not affected by any of these.
Comment 5 Thierry Carrez (RETIRED) gentoo-dev 2004-12-20 03:00:15 UTC
69070 is fixed in mozilla 1.7.5
234416 looks firefox-specific
261527 is MacOS/X only.

missing ebuilds / stable marking will be tracked through bug 68976
Comment 6 Thierry Carrez (RETIRED) gentoo-dev 2005-01-01 11:00:41 UTC
Security: Please vote on GLSA need on this one... I vote NO here too. One of the reasons being the lack of solid information from Mozilla.org.
Comment 7 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-01-01 14:39:29 UTC
I also vote NO on this one.
Comment 8 Thierry Carrez (RETIRED) gentoo-dev 2005-01-02 10:37:04 UTC
Closed without GLSA
Comment 9 Thierry Carrez (RETIRED) gentoo-dev 2005-01-05 01:12:50 UTC
GLSA 200501-03