| Summary: | net-www/mozilla-*: filename spoof + local images infoleak | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | mozilla |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | All | ||
| URL: | http://secunia.com/advisories/13144/ | ||
| Whiteboard: | A4 [noglsa] koon | ||
| Package list: | Runtime testing required: | --- | |
|
Description
Sune Kloppenborg Jeppesen (RETIRED)
2004-11-10 23:57:33 UTC
Mozilla please review and advise. Personally I'm not interested in trying to handle mozilla/firefox/thunderbird security bugs before they're handled upstream, where they can determine properly whether a problem is severe and whether a fix is really ready for release. Sune, you filed the bug, how about telling us why we should care about these before mozilla.org does something about them? Firefox is fixed in version 1.0, according to http://www.squarefree.com/burningedge/releases/1.0.html Note that https://bugzilla.mozilla.org/show_bug.cgi?id=261527 is MacOSX only. Mozilla 1.7.5 is planned for mid-December, we'll wait for the versions to be at the same level of security to issue a GLSA. Thunderbird is probably not affected by any of these. 69070 is fixed in mozilla 1.7.5 234416 looks firefox-specific 261527 is MacOS/X only. missing ebuilds / stable marking will be tracked through bug 68976 Security: Please vote on GLSA need on this one... I vote NO here too. One of the reasons being the lack of solid information from Mozilla.org. I also vote NO on this one. Closed without GLSA GLSA 200501-03 |