From owner-freebsd-security Thu May 2 8:34: 1 2002 Delivered-To: freebsd-security@freebsd.org Received: from bodb.mc.mpls.visi.com (bodb.mc.mpls.visi.com [208.42.156.104]) by hub.freebsd.org (Postfix) with ESMTP id 5BF0E37B404 for ; Thu, 2 May 2002 08:33:56 -0700 (PDT) Received: from sheol.localdomain (hawkeyd-fw.dsl.visi.com [208.42.101.193]) by bodb.mc.mpls.visi.com (Postfix) with ESMTP id 4E1F551AA; Thu, 2 May 2002 10:33:52 -0500 (CDT) Received: (from hawkeyd@localhost) by sheol.localdomain (8.11.6/8.11.6) id g42FXpi17559; Thu, 2 May 2002 10:33:51 -0500 (CDT) (envelope-from hawkeyd) Date: Thu, 2 May 2002 10:33:51 -0500 From: D J Hawkey Jr To: Antoine Beaupre Cc: trevor@jpj.net, freebsd-security@freebsd.org Subject: Re: Mozilla and NS6 security problem Message-ID: <20020502103351.B17524@sheol.localdomain> Reply-To: hawkeyd@visi.com References: <200205021422.g42EMcY17201@sheol.localdomain> <6988EC2C-5DDF-11D6-B5E1-0050E4A0BB3F@anarcat.ath.cx> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.2.5.1i In-Reply-To: <6988EC2C-5DDF-11D6-B5E1-0050E4A0BB3F@anarcat.ath.cx>; from anarcat@anarcat.ath.cx on Thu, May 02, 2002 at 11:15:18AM -0400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On May 02, at 11:15 AM, Antoine Beaupre wrote: > > Le Jeudi 2 mai 2002, à 10:22 , D J Hawkey Jr a écrit : > > >> Netscape 6 ports were already marked forbidden because of my suspicion > >> that they had the zlib double free() bug (I've seen a rumor that it was > >> corrected in Netscape 6.22). > > > > What of the "native" FreeBSD Mozilla port/package, whether it be 0.9.9 > > or 1.0-RC? > > Well http://sec.greymagic.com/adv/gm001-ns/ sure says it's vulnerable: > > "Tested on: > > Mozilla 0.9.6, Linux (Debian). > Mozilla 0.9.7, NT4. > Mozilla 0.9.8, Linux (Red Hat 7.1). > Mozilla 0.9.9, Win2000. > Mozilla 0.9.9, NT4. > Mozilla 0.9.9, Linux (Red Hat 7.2). > Mozilla 1.0 RC1, FreeBSD. > Netscape 6.1, NT4. > Netscape 6.2.1, Win2000. > Netscape 6.2.2, Win2000. > Netscape 6.2.2, NT4. > Netscape 6.2.2, Linux (Debian)." Yeah, I saw that, too. I was rather meaning, "Has the "native" port and package been marked "forbidden", too?", as well as wondering if the FreeBSD system listed was running the Linux app, or the "native" app? I should have been more explicit in my post. > A. Dave -- ______________________ ______________________ \__________________ \ D. J. HAWKEY JR. / __________________/ \________________/\ hawkeyd@visi.com /\________________/ http://www.visi.com/~hawkeyd/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message