I have patched the vulnerability in both 1.0.7 and 1.5; need to mark 1.0.7-r4 stable. More info on the vulnerability can be found at http://packetstormsecurity.org/0512-exploits/firefox-1.5-buffer-overflow.txt
Hold off on marking stable, as I need to add the mork patch. Sorry, it will be added first thing tomorrow morning, as I am testing it right now to make sure we do not break compilation or cause any other problems.
Based on the official response here http://www.mozilla.org/security/history-title.html and the fact that it is clearly being misrepresented as a buffer overflow, when it is just abusing the fact that an O(n^2) algorithm is being used to process the history file, this is a client DoS which is not normally handled by the security team. Reassigning to mozilla team.
Aight, 1.0.7-r4 is ready to be marked stable by respective archs. I have also pushed -r2 on 1.5 so all ~arch users get the update. This was nothing more than adding the mork patch for completeness.
Just did a test of the vulnerability with the new -r4. It does allow you to restart firefox after the code. However, when the vulnerability test code runs, firefox loses all borders, visually flickers... and kills metacity. However, with fluxbox, this crashing of the window manager doesn't happen. Built as such: www-client/mozilla-firefox-1.0.7-r4 -debug -gnome +ipv6 -java -mozcalendar -mozdevelop -moznoxft -mozsvg +truetype -xinerama -xprint. Will be testing with +gnome, to see if it's something slightly funky there.
stable on x86
sparc stable.
Stable on alpha
Stable on amd64.
hansmi marked it
IA64 done; no other archs left, closing bug.
(In reply to comment #10)
> IA64 done; no other archs left, closing bug.

closing as Tim did not