Summary: | <=mozilla-firefox-1.0.2-r1 memory exposure weakness in javascript implementation (JS "lambda" flaw) | |
---|---|---|---|
Product: | Gentoo Linux | Reporter: | vltg0903 |
Component: | Current packages | Assignee: | Mozilla Gentoo Team <mozilla> |
Status: | RESOLVED FIXED | |
Severity: | normal | CC: | christian.hartmann |
Priority: | High | |
Version: | unspecified | |
Hardware: | x86 | |
OS: | Linux | |
URL: | http://secunia.com/mozilla_products_arbitrary_memory_exposure_test/ | |
Whiteboard: | | |
Package list: | | Runtime testing required: | --- |
Attachments: | jsstr.c.patch, mozilla-firefox-1.0.2-r2.ebuild, mozilla-firefox-1.0.2-r4.diff | |

Description
vltg0903
2005-04-05 07:58:32 UTC
Just read about firefox-1.0.3 coming up, it will address this issue: http://mozillazine.org/talkback.html?article=6336

Created attachment 55569
jsstr.c.patch
Just added the full path to the diff output of the original patch.

Created attachment 55570
mozilla-firefox-1.0.2-r2.ebuild
Ebuild which expects the patch file in the files dir. Pretty easy to fix, but worth a GLSA, isn't it?

Created attachment 56434
mozilla-firefox-1.0.2-r4.diff
Since I currently maintain the state of mozilla-firefox's ebuild, I made a diff to include the js-fix, so we have the most current state. Revision is bumped to r4. The filesdir-name of the fix should be mozilla-firefox-1.0.2-jsstr.c.patch. The diff is against the mozilla-ebuild from http://bugs.gentoo.org/show_bug.cgi?id=86070

Hi,
Mozilla released version 1.0.3 of Firefox, which solved the security vulnerability. Hope we find the ebuild ASAP in portage. The current version 1.0.3 source can be downloaded at http://www.mozilla.org/download-mozilla.html
Thanks,
Benjamin

Obsolete bug, 1.0.7 is the oldest version in portage now.