From: "Remko Lodder"
To: "Michael Johnson"
Cc: cvs-ports@freebsd.org, cvs-all@freebsd.org, ports-committers@freebsd.org
Subject: Re: cvs commit: ports/security/vuxml vuln.xml
Date: Thu, 20 Sep 2007 07:48:44 +0200 (CEST)

On Wed, September 19, 2007 11:19 pm, Michael Johnson wrote:
>>
>> Document mozilla -- code execution via Quicktime media-link files,
>> The Mozilla advisory talks somewhat about Windows for this matter,
>> but better be safe than sorry (An updated firefox is available
>> already).
>>
>
> This only really affects Quicktime, the program not video files
> according to http://www.mozilla.org/security/announce/2007/mfsa2007-28.html
>
> So FreeBSD should be safe.
>

Hi Michael,

Thanks for commenting on this one, I think that you are right about
the source of the attack, but FireFox safeguards itself now by denying
the QuickTime command-line stuff itself. So I think this does affect
the browser (and not only QuickTime).

Cheers
remko

-- 
Kind regards,

Remko Lodder ** remko@elvandar.org
FreeBSD ** remko@FreeBSD.org

/* Quis custodiet ipsos custodes */