From owner-cvs-all@FreeBSD.ORG  Thu Sep 20 07:00:22 2007
Return-Path: <owner-cvs-all@FreeBSD.ORG>
Delivered-To: cvs-all@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 954EE16A420;
	Thu, 20 Sep 2007 07:00:22 +0000 (UTC)
	(envelope-from remko@FreeBSD.org)
Received: from galain.elvandar.org (redqueen.elvandar.org [217.148.169.55])
	by mx1.freebsd.org (Postfix) with ESMTP id 41D8213C4F6;
	Thu, 20 Sep 2007 07:00:22 +0000 (UTC)
	(envelope-from remko@FreeBSD.org)
Received: from localhost.we-dare.net ([127.0.0.1] helo=galain.elvandar.org)
	by galain.elvandar.org with esmtp (Exim 4.67)
	(envelope-from <remko@FreeBSD.org>)
	id 1IYEu4-000AB6-6t; Thu, 20 Sep 2007 07:48:44 +0200
Received: from 194.74.82.3 (SquirrelMail authenticated user remko)
	by galain.elvandar.org with HTTP;
	Thu, 20 Sep 2007 07:48:44 +0200 (CEST)
Message-ID: <42316.194.74.82.3.1190267324.squirrel@galain.elvandar.org>
In-Reply-To: <94F864FD-8307-4D92-A1ED-A4D3106CC7D1@ahze.net>
References: <200709191650.l8JGolhq060857@repoman.freebsd.org>
	<94F864FD-8307-4D92-A1ED-A4D3106CC7D1@ahze.net>
Date: Thu, 20 Sep 2007 07:48:44 +0200 (CEST)
From: "Remko Lodder" <remko@FreeBSD.org>
To: "Michael Johnson" <ahze@ahze.net>
User-Agent: SquirrelMail/1.4.10a
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Cc: cvs-ports@freebsd.org, cvs-all@freebsd.org, ports-committers@freebsd.org
Subject: Re: cvs commit: ports/security/vuxml vuln.xml
X-BeenThere: cvs-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: CVS commit messages for the entire tree <cvs-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-all>
List-Post: <mailto:cvs-all@freebsd.org>
List-Help: <mailto:cvs-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Sep 2007 07:00:22 -0000


On Wed, September 19, 2007 11:19 pm, Michael Johnson wrote:
>>
>>   Document mozilla -- code execution via Quicktime media-link files,
>>   The Mozilla advisory talks somewhat about Windows for this matter,
>>   but better be safe then sorry (An updated firefox is available
>> already).
>>
>
> This only really affects Quicktime, the program not video files
> according to http://www.mozilla.org/security/announce/2007/
> mfsa2007-28.html
>
> So FreeBSD should be safe.
>

Hi Michael,

Thanks for commenting on this one, I think that you are right about the
source of the attack, but FireFox safeguards itself now by denying the
QuickTime command-line stuff itself. So I think this does affect the
browser (and not only QuickTime).

Cheers
remko

-- 
Kind regards,

     Remko Lodder               ** remko@elvandar.org
     FreeBSD                    ** remko@FreeBSD.org

     /* Quis custodiet ipsos custodes */