funsec mailing list archives
Re: Firefox Security Update: Fixed in Firefox 1.5.0.7
From: Jordan Wiens <numatrix () ufl edu>
Date: Fri, 15 Sep 2006 13:12:05 -0400
Fergie wrote:
Via Mozilla.org. [snip] Fixed in Firefox 1.5.0.7 MFSA 2006-64 Crashes with evidence of memory corruption (rv:1.8.0.7) MFSA 2006-62 Popup-blocker cross-site scripting (XSS) MFSA 2006-61 Frame spoofing using document.open() MFSA 2006-60 RSA Signature Forgery MFSA 2006-59 Concurrency-related vulnerability MFSA 2006-58 Auto-Update compromise through DNS and SSL spoofing MFSA 2006-57 JavaScript Regular Expression Heap Corruption [snip] See: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox1.5.0.7 - ferg
The signature forgery looks like fun. Too bad the bug details in bugzilla are protected still, I'm curious about their exact fix. It's not like the vulnerability isn't explained in detail in some of the other links anyway. Anybody know the official mozilla policy on secret bugs? I would have assumed they'd open up the bugs once the patched version was released.
-- Jordan Wiens, CISSP UF Network Security Engineer (352)392-2061 _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Firefox Security Update: Fixed in Firefox 1.5.0.7 Fergie (Sep 14)
- Re: Firefox Security Update: Fixed in Firefox 1.5.0.7 Jordan Wiens (Sep 15)
- Re: Firefox Security Update: Fixed in Firefox 1.5.0.7 Blue Boar (Sep 15)
- Re: Firefox Security Update: Fixed in Firefox 1.5.0.7 Jordan Wiens (Sep 15)