Bug 76112 - net-www/mozilla: NNTP-related heap overflow
Summary: net-www/mozilla: NNTP-related heap overflow
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All All
Importance: High major
Assignee: Gentoo Security
URL: http://isec.pl/vulnerabilities/isec-0...
Whiteboard: A2 [glsa] koon
Reported: 2004-12-29 21:43 UTC by Dan Margolis (RETIRED)
Modified: 2005-01-05 01:11 UTC

Description Dan Margolis (RETIRED) gentoo-dev 2004-12-29 21:43:25 UTC
Sounds like remote code execution if able to trick victim into viewing page/clicking link. I assume we'll wait for Mozilla to release an update/fix.
Comment 1 Sven Wegener gentoo-dev 2004-12-29 22:18:31 UTC
Quote:

> Solution
> =========
> 
> This bug is fixed in Mozilla 1.7.5. (Bug 264388)
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2004-12-30 07:37:52 UTC
Mozilla 1.7.5 stable process is handled on bug 68976
Any idea if this is present in Thunderbird?

It's quite difficult to get any confirmation from the Mozilla folks. The security page (http://www.mozilla.org/projects/security/known-vulnerabilities.html) has not been updated since Firefox 1.0PR... And closed-access bugs are everywhere.

If someone from our Mozilla team knows anyone who would help confirm what stuff affects what versions and what is already fixed (basically, an update of the known vuln page), that would help us a lot.
Comment 3 Thierry Carrez (RETIRED) gentoo-dev 2005-01-01 11:04:37 UTC
https://bugzilla.mozilla.org/show_bug.cgi?id=264388 is not public so I can't confirm this one.

This should get a GLSA but without confirmation I don't really feel like it.
Comment 4 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-01-04 01:35:48 UTC
Mozilla bug opened. I vote for a GLSA on this one.
Comment 5 Thierry Carrez (RETIRED) gentoo-dev 2005-01-04 01:40:30 UTC
Yes, this should get a GLSA, especially if we add the information on bugs 68976 and 70749.
Comment 6 Thierry Carrez (RETIRED) gentoo-dev 2005-01-05 01:11:59 UTC
GLSA 200501-03