Re: Mozilla and NS6 security problem

From: Antoine Beaupre (anarcat@anarcat.ath.cx)
Date: 05/02/02 

Date: Thu, 2 May 2002 11:15:18 -0400
To: hawkeyd@visi.com
From: Antoine Beaupre <anarcat@anarcat.ath.cx>

Le Jeudi 2 mai 2002, à 10:22 , D J Hawkey Jr a écrit :

> In article <20020501152156.X2876-100000_blues.jpj.net@ns.sol.net>,
> trevor@jpj.net writes:
>> Martin Blapp wrote:
>>
>>> http://www.heise.de/newsticker/data/ju-30.04.02-000/
>>> http://sec.greymagic.com/adv/gm001-ns/
>>>
>>> Our ports are vulnerable too. It seems that there is
>>> no fix yet available.
>>
>> Thank you, Martin. I tested the linux-mozilla port yesterday and
>> found it
>> had the bug. I've just marked it forbidden (sorry about the delay).
>> The
>> Netscape 6 ports were already marked forbidden because of my suspicion
>> that they had the zlib double free() bug (I've seen a rumor that it was
>> corrected in Netscape 6.22).
>
> What of the "native" FreeBSD Mozilla port/package, whether it be 0.9.9
> or 1.0-RC?

Well http://sec.greymagic.com/adv/gm001-ns/ sure says it's vulnerable:

"Tested on:

Mozilla 0.9.6, Linux (Debian).
Mozilla 0.9.7, NT4.
Mozilla 0.9.8, Linux (Red Hat 7.1).
Mozilla 0.9.9, Win2000.
Mozilla 0.9.9, NT4.
Mozilla 0.9.9, Linux (Red Hat 7.2).
Mozilla 1.0 RC1, FreeBSD.
Netscape 6.1, NT4.
Netscape 6.2.1, Win2000.
Netscape 6.2.2, Win2000.
Netscape 6.2.2, NT4.
Netscape 6.2.2, Linux (Debian)."

A.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Quantcast