Fix for Mozilla XMLHttpRequest file disclosure vulnerability

From: Frank Hecker (hecker@mozilla.org)
Date: 05/03/02


Date: Thu, 02 May 2002 23:58:55 -0400
From: Frank Hecker <hecker@mozilla.org>
To: bugtraq@securityfocus.com

For those not already aware of this, note that a fix for the
XMLHttpRequest file disclosure vulnerability (Bugtraq id 4628) reported
by GreyMagic Software has been checked into the Mozilla source tree. The
fix is included in new Mozilla 1.0 branch nightly builds dated 2 May
2002 or later available through mozilla.org:

http://ftp.mozilla.org/pub/mozilla/nightly/latest-1.0.0/

and will be included in the upcoming Mozilla 1.0 release and any further
1.0 Release Candidates distributed through mozilla.org. For more
information on the fix please see bug report 141061 in the Mozilla
project's public bug database:

http://bugzilla.mozilla.org/show_bug.cgi?id=141061

On behalf of the Mozilla community we at mozilla.org thank all the
people who participated in discovering, reporting, investigating, and
fixing this bug.

As a reminder, reports of Mozilla-related security vulnerabilities can
be reported via email to security@mozilla.org, and will be handled in
accordance with the mozilla.org policy on handling security bugs:

http://www.mozilla.org/projects/security/security-bugs-policy.html

Frank

-- 
Frank Hecker
hecker@mozilla.org


