Date: Fri, 17 Sep 2004 12:38:04 +0900 (JST) From: NAKATA Maho <chat95@mac.com> To: nectar@FreeBSD.org, openoffice@FreeBSD.org Subject: Re: [dev] security vulnerability of using mozilla runtime? Message-ID: <20040917.123804.893775576.chat95@mac.com> In-Reply-To: <41499F06.80200@sun.com> References: <B128FA3522ABD211BE100008C756689B025F8CB0@hnvr-sts-exs01.sigtech.saic.com> <20040914.194619.276750997.chat95@mac.com> <41499F06.80200@sun.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Dear nectar and all I recieved a message about mozilla runtime which OOo port inernally use= s. Some people and portsaudit show us there are security risks using mozilla 1.0.2, however, there not seem to be security vulnerabilities. I'll delete WITHOUT_MOZILLA=3Dyes as soon as possible. In Message-ID: <41499F06.80200@sun.com> = Frank Sch=F6nheit <frank.schoenheit@sun.com> wrote: > hello Nakata, > = > > o using mozilla runtime which came with OOo distribution inherits t= his > > security vulnerability? > = > none of the mentioned security holes should affect OOo 1.x, since the= > respective code is not used in 1.x. > For 2.0, we offer SSL encryption for LDAP address data access, using > Mozilla's LDAP/SSL libraries, so the third vulnarability you mention > would indeed also affect OOo 2.0. I think we will change to the lates= t > available 1.7.x before OOo 2.0 is shipped. > = > Thanks & Ciao > Frank thanks! --nakata maho
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040917.123804.893775576.chat95>