Summary: | www-client/mozilla-firefox(-bin) Cookie Manipulation CVE-2007-0981 | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Executioner <keith> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED DUPLICATE | ||
Severity: | normal | CC: | mozilla, sgtphou |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.securityfocus.com/archive/1/460126 | ||
Whiteboard: | A4 [ebuild] Executioner | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 167276 | ||
Bug Blocks: |
Description
Executioner
2007-02-15 01:41:23 UTC
I wasn't able to reproduce the bug, since Squid would step in and give me an "Invalid URL" error... however, I've hopefully addressed the problem with this patch: https://bugzilla.mozilla.org/attachment.cgi?id=255252 The upstream development team have already applied this patch to their tree -- it'll appear in the next release of Firefox. Could people try mozilla-firefox-2.0.0.1-r3 and report back? If the problem is fixed, then I'll add arches and get it pushed to stable. (And I'll be testing on MIPS very shortly) It works on x86. Hi Stuart, do you plan to release a mozilla-firefox-bin-2.0.0.1-r3 too? Looks like its fixed with 2.0.0.2 According to https://bugzilla.mozilla.org/show_bug.cgi?id=370445 v.fixed on both branches with: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.2) Gecko/20070215 Firefox/2.0.0.2 and Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.0.10) Gecko/20070216 Firefox/1.5.0.10 (In reply to comment #4) > Hi Stuart, do you plan to release a mozilla-firefox-bin-2.0.0.1-r3 too? > Being a bin it's impossible to apply a patch :) For -bin we'll have to wait to the 2.0.0.2 release, which is now rc4, so it should be out soon. This Firefox release will be handled on bug 165555 which is older. *** This bug has been marked as a duplicate of bug 165555 *** |