oss-sec mailing list archives
CVE request: surf
From: Florian Weimer <fw () deneb enyo de>
Date: Fri, 10 Feb 2012 01:24:00 +0100
surf does not protect its cookie jar against access read access from other local users, as reported by Jakub Wilk in this Debian bug: <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659296> Could someone please assign a CVE for this? uzbl <http://uzbl.org/> (in the uzbl-browser wrapper script) and netsurf <http://www.netsurf-browser.org/> (the nsgtk_check_homedir function creates the dot directory with world-readable settings) have a similar issue, but are from different code bases. I think those should get distinct CVEs, too.
Current thread:
- CVE request: surf Florian Weimer (Feb 09)
- Re: CVE request: surf Kurt Seifried (Feb 09)
- Re: CVE request: surf Florian Weimer (Feb 10)
- RE: CVE request: surf Daniel Suarez (Feb 10)
- Re: CVE request: surf Kurt Seifried (Feb 11)
- Re: CVE request: surf Florian Weimer (Feb 10)
- Re: CVE request: surf Kurt Seifried (Feb 09)