Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 17 Sep 2004 12:38:04 +0900 (JST)
From:      NAKATA Maho <chat95@mac.com>
To:        nectar@FreeBSD.org, openoffice@FreeBSD.org
Subject:   Re: [dev] security vulnerability of using mozilla runtime?
Message-ID:  <20040917.123804.893775576.chat95@mac.com>
In-Reply-To: <41499F06.80200@sun.com>
References:  <B128FA3522ABD211BE100008C756689B025F8CB0@hnvr-sts-exs01.sigtech.saic.com> <20040914.194619.276750997.chat95@mac.com>	<41499F06.80200@sun.com>

next in thread | previous in thread | raw e-mail | index | archive | help
Dear nectar and all

I recieved a message about mozilla runtime which OOo port inernally use=
s.
Some people and portsaudit show us there are security risks using
mozilla 1.0.2, however, there not seem to be security vulnerabilities.
I'll delete WITHOUT_MOZILLA=3Dyes as soon as possible.

In Message-ID: <41499F06.80200@sun.com> =

Frank Sch=F6nheit <frank.schoenheit@sun.com> wrote:

> hello Nakata,
> =

> > o using mozilla runtime which came with OOo distribution inherits t=
his
> >   security vulnerability?
> =

> none of the mentioned security holes should affect OOo 1.x, since the=

> respective code is not used in 1.x.
> For 2.0, we offer SSL encryption for LDAP address data access, using
> Mozilla's LDAP/SSL libraries, so the third vulnarability you mention
> would indeed also affect OOo 2.0. I think we will change to the lates=
t
> available 1.7.x before OOo 2.0 is shipped.
> =

> Thanks & Ciao
> Frank

thanks!
--nakata maho




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040917.123804.893775576.chat95>