Summary: | www-client/mozilla-firefox<=3.0.5 (CVE-2009-0071) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Stefan Behte (RETIRED) <craig> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | ||
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.mozilla.org/show_bug.cgi?id=456727 | ||
Whiteboard: | B4 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 257577 | ||
Bug Blocks: |
Description
Stefan Behte (RETIRED)
2009-01-17 01:24:26 UTC
mozilla, please advice. Planned release for 3.0.6 is 3-4 february. Ready to vote, I vote NO. CVE-2009-2535 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2535): Mozilla Firefox before 2.0.0.19 and 3.x before 3.0.5, SeaMonkey, and Thunderbird allow remote attackers to cause a denial of service (memory consumption and application crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. Gah, last comment should go to another bug. Nothing for mozilla team to do here. This issue was resolved and addressed in GLSA 201301-01 at http://security.gentoo.org/glsa/glsa-201301-01.xml by GLSA coordinator Sean Amoss (ackle). |