Sounds like remote code execution if able to trick victim into viewing page/clicking link. I assume we'll wait for Mozilla to release an update/fix.
Quote: > Solution > ========= > > This bug is fixed in Mozilla 1.7.5. (Bug 264388)
Mozilla 1.7.5 stable process is handled on bug 68976 Any idea if this is present in Thunderbird ? It's quite difficult to get any confirmation from the Mozilla folks. The security page (http://www.mozilla.org/projects/security/known-vulnerabilities.html) has not been updated since Firefox 1.0PR... And closed-access bugs are everywhere. If someone from our Mozilla team knows anyone that would help confirming what stuff affects what versions and what is already fixed (basically, an update of the known vuln page), that would help us a lot.
https://bugzilla.mozilla.org/show_bug.cgi?id=264388 is not public so I can't confirm this one. This should get a GLSA but without confirmation I don't really feel like it.
Mozilla bug opened. I vote for a GLSA on this one.
Yes, this should get a GLSA, especially if we add the information on bugs 68976 and 70749.
GLSA 200501-03