Date: Tue, 12 Mar 2002 11:02:16 -0500 (EST) From: Trevor Johnson <trevor@jpj.net> To: D J Hawkey Jr <hawkeyd@visi.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: FreeBSD Ports Security Advisory FreeBSD-SA-02:16.netscape Message-ID: <20020312104432.L19417-100000@blues.jpj.net> In-Reply-To: <20020312090524.A29061@sheol.localdomain>
next in thread | previous in thread | raw e-mail | index | archive | help
> Anyone know if [recent] Mozilla releases are vulnerable? > Specifically, release 0.9.8? > More specifically, the binary release of 0.9.8 from mozilla.org (which > wouldn't have any patches found in the ports collection)? I hadn't thought of that. I wasn't able to get the demonstration from http://www.dividuum.de/ to work with Mozilla 0.9.9. Mozilla's support for the about: protocol seems to be more limited than that of Netscape 4. In particular, it doesn't have about:global. Conceivably, old versions of Mozilla could have this bug. Regardless, I'd recommend that you update to Mozilla 0.9.9, because of the zlib "double free" bug. Mozilla contains its own copy of the zlib code, which was corrected as of version 0.9.9. -- Trevor Johnson To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020312104432.L19417-100000>