Date: Thu, 2 May 2002 11:15:18 -0400 From: Antoine Beaupre <anarcat@anarcat.ath.cx> To: hawkeyd@visi.com Cc: trevor@jpj.net, freebsd-security@freebsd.org Subject: Re: Mozilla and NS6 security problem Message-ID: <6988EC2C-5DDF-11D6-B5E1-0050E4A0BB3F@anarcat.ath.cx> In-Reply-To: <200205021422.g42EMcY17201@sheol.localdomain>
next in thread | previous in thread | raw e-mail | index | archive | help
Le Jeudi 2 mai 2002, =E0 10:22 , D J Hawkey Jr a =E9crit : > In article <20020501152156.X2876-100000_blues.jpj.net@ns.sol.net>, > trevor@jpj.net writes: >> Martin Blapp wrote: >> >>> http://www.heise.de/newsticker/data/ju-30.04.02-000/ >>> http://sec.greymagic.com/adv/gm001-ns/ >>> >>> Our ports are vulnerable too. It seems that there is >>> no fix yet available. >> >> Thank you, Martin. I tested the linux-mozilla port yesterday and=20 >> found it >> had the bug. I've just marked it forbidden (sorry about the delay). =20= >> The >> Netscape 6 ports were already marked forbidden because of my = suspicion >> that they had the zlib double free() bug (I've seen a rumor that it = was >> corrected in Netscape 6.22). > > What of the "native" FreeBSD Mozilla port/package, whether it be 0.9.9 > or 1.0-RC? Well http://sec.greymagic.com/adv/gm001-ns/ sure says it's vulnerable: "Tested on: Mozilla 0.9.6, Linux (Debian). Mozilla 0.9.7, NT4. Mozilla 0.9.8, Linux (Red Hat 7.1). Mozilla 0.9.9, Win2000. Mozilla 0.9.9, NT4. Mozilla 0.9.9, Linux (Red Hat 7.2). Mozilla 1.0 RC1, FreeBSD. Netscape 6.1, NT4. Netscape 6.2.1, Win2000. Netscape 6.2.2, Win2000. Netscape 6.2.2, NT4. Netscape 6.2.2, Linux (Debian)." A. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6988EC2C-5DDF-11D6-B5E1-0050E4A0BB3F>