Bug#293664: mozilla-firefox: [CAN-2004-1156] secunia window injection

Fri, 04 Feb 2005 23:23:02 -0800 

* Djoume SALVETTI ([EMAIL PROTECTED]) wrote:
> Package: mozilla-firefox
> Version: 1.0+dfsg.1-4
> Severity: normal
> 
> 
> Good day,
> 
> Firefox is vulnerable to window injection vulnerability
> describe in CAN-2004-1156 :
> 
> http://secunia.com/secunia_research/2004-13/advisory/
> http://secunia.com/multiple_browsers_window_injection_vulnerability_test/
> 
> The problem was fixed upstream :
> 
> https://bugzilla.mozilla.org/show_bug.cgi?id=273699
> 
> (the patch is in https://bugzilla.mozilla.org/show_bug.cgi?id=103638)
> 
> Regards.

Unfortunately the patch does not apply cleanly to Firefox 1.0
sources. Any idea if they're planing a 1.0.1 to address it?

-- 
Eric Dorland <[EMAIL PROTECTED]>
ICQ: #61138586, Jabber: [EMAIL PROTECTED]
1024D/16D970C6 097C 4861 9934 27A0 8E1C  2B0A 61E9 8ECF 16D9 70C6

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS d- s++: a-- C+++ UL+++ P++ L++ E++ W++ N+ o K- w+ 
O? M++ V-- PS+ PE Y+ PGP++ t++ 5++ X+ R tv++ b+++ DI+ D+ 
G e h! r- y+ 
------END GEEK CODE BLOCK------

Attachment: signature.asc
Description: Digital signature

Reply via email to