Date: Thu, 2 May 2002 10:33:51 -0500 From: D J Hawkey Jr <hawkeyd@visi.com> To: Antoine Beaupre <anarcat@anarcat.ath.cx> Cc: trevor@jpj.net, freebsd-security@freebsd.org Subject: Re: Mozilla and NS6 security problem Message-ID: <20020502103351.B17524@sheol.localdomain> In-Reply-To: <6988EC2C-5DDF-11D6-B5E1-0050E4A0BB3F@anarcat.ath.cx>; from anarcat@anarcat.ath.cx on Thu, May 02, 2002 at 11:15:18AM -0400 References: <200205021422.g42EMcY17201@sheol.localdomain> <6988EC2C-5DDF-11D6-B5E1-0050E4A0BB3F@anarcat.ath.cx>
next in thread | previous in thread | raw e-mail | index | archive | help
On May 02, at 11:15 AM, Antoine Beaupre wrote: > > Le Jeudi 2 mai 2002, à 10:22 , D J Hawkey Jr a écrit : > > >> Netscape 6 ports were already marked forbidden because of my suspicion > >> that they had the zlib double free() bug (I've seen a rumor that it was > >> corrected in Netscape 6.22). > > > > What of the "native" FreeBSD Mozilla port/package, whether it be 0.9.9 > > or 1.0-RC? > > Well http://sec.greymagic.com/adv/gm001-ns/ sure says it's vulnerable: > > "Tested on: > > Mozilla 0.9.6, Linux (Debian). > Mozilla 0.9.7, NT4. > Mozilla 0.9.8, Linux (Red Hat 7.1). > Mozilla 0.9.9, Win2000. > Mozilla 0.9.9, NT4. > Mozilla 0.9.9, Linux (Red Hat 7.2). > Mozilla 1.0 RC1, FreeBSD. > Netscape 6.1, NT4. > Netscape 6.2.1, Win2000. > Netscape 6.2.2, Win2000. > Netscape 6.2.2, NT4. > Netscape 6.2.2, Linux (Debian)." Yeah, I saw that, too. I was rather meaning, "Has the "native" port and package been marked "forbidden", too?", as well as wondering if the FreeBSD system listed was running the Linux app, or the "native" app? I should have been more explicit in my post. > A. Dave -- ______________________ ______________________ \__________________ \ D. J. HAWKEY JR. / __________________/ \________________/\ hawkeyd@visi.com /\________________/ http://www.visi.com/~hawkeyd/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020502103351.B17524>