Re: [Full-disclosure] Mozilla Firefox "Host:" Buffer Overflow

From: n e w s (youreallythoughtiwouldgiveyoumy-dshield_at_yahoo.com)
Date: 09/09/05

Next message: Larry Seltzer: "RE: [Full-disclosure] Mozilla Firefox "Host:" Buffer Overflow"

Previous message: Dee Holtsclaw: "[Full-disclosure] Top posting [was: MM - #$%@ Kill Google!]"
In reply to: Heikki Toivonen: "Re: [Full-disclosure] Mozilla Firefox "Host:" Buffer Overflow"
Next in thread: Larry Seltzer: "RE: [Full-disclosure] Mozilla Firefox "Host:" Buffer Overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 09 Sep 2005 07:41:24 -0700
To: full-disclosure@lists.grok.org.uk

Heikki Toivonen wrote:

>Tom Ferris wrote:
>
>
>>Vendor Status:
>>Mozilla was notified, and im guessing they are working on a patch. Who
>>knows though?
>>
>>
>
>That seems like a gross mischaracterization, at least by looking at the
>Bugzilla bug filed by you which I believe this corresponds to. The bug
>was reported two days ago (Sep 6), the first comment came less than an
>hour after that, and the first attempted fix was attached less than two
>hours after the bug was filed. Further comments explained how it was
>proving hard to find what and where was actually going wrong to put in
>the right fix. 10 replies total in less than two days. To me it seems
>obvious work is being done.
>
>
>
>------------------------------------------------------------------------
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
>
Hi, I was looking for the Firefox bug report mentioned, and after
searching for quite some time was not able to find the thread on
Bugzilla. Not sure if I am doing something wrong, but if someone has a
link to the url of Tom's post to Bugzilla, I'd be grateful if the link
found its way onto this list. TIA!

n e w s
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Next message: Larry Seltzer: "RE: [Full-disclosure] Mozilla Firefox "Host:" Buffer Overflow"

Previous message: Dee Holtsclaw: "[Full-disclosure] Top posting [was: MM - #$%@ Kill Google!]"
In reply to: Heikki Toivonen: "Re: [Full-disclosure] Mozilla Firefox "Host:" Buffer Overflow"
Next in thread: Larry Seltzer: "RE: [Full-disclosure] Mozilla Firefox "Host:" Buffer Overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

[EXPL] Improper Input Validation in Bugzilla (Exploit)
... Developers can use Bugzilla to keep a commotion list as well ... Text Bug Listing", so we then know file is created. ... * Can edit all aspects of any bug. ... sub generate_chart { ...
(Securiteam)
Re: [patch] scsi: revert "[SCSI] Get rid of scsi_cmnd->done"
... movement into this bug was ... ... The problem is that mailing lists are far too often equivalent to ... And another of the advantages of using Bugzilla is that it gives us ... tracking tool, but it's a bloody useless workflow one for actually ...
(Linux-Kernel)
Security advisory for Bugzilla 4.3.2, 4.2.2, 4.0.7 and 3.6.10
... Bugzilla is a Web-based bug-tracking system used by a large number of ... an improper validation of the permissions of the ... ID is mentioned in a comment in a bug. ... All affected installations are encouraged to upgrade as soon as ...
(Bugtraq)
[Full-disclosure] [gentoo-announce] [ GLSA 200507-12 ] Bugzilla: Unauthorized access and information
... Bugzilla is a web-based bug-tracking system used by many projects. ... Bugzilla allows any user to modify the flags of any bug ... Bugzilla Security Advisory ...
(Full-Disclosure)
[ GLSA 200507-12 ] Bugzilla: Unauthorized access and information disclosure
... Bugzilla is a web-based bug-tracking system used by many projects. ... Bugzilla allows any user to modify the flags of any bug ... Bugzilla Security Advisory ...
(Bugtraq)