Greg wrote:
> I noticed that the following flaw in GDI+ affects many products:
> http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx
>
> Of course MS does not list any third party products. Anyone know
> whether Mozilla (specifically FireFox) is affected, in what version
> it's fixed, etc?

Mozilla had a basically identical bug (reported by the same fellow) fixed way back in 2000 in the "M16" build (and Netscape 4.74). Since then we've switched to an open source JPEG library which doesn't even attempt to process the comment field.

> I wish there was a way to test for the vulnerability. The tool MS
> provides just scans for known versions of MS products (doesn't even
> check whether they are patched).

There was a test image posted to full-disclosure.
http://lists.netsys.com/pipermail/full-disclosure/2004-September/026462.html

> Thanks in advance! (sorry if this is an inappropriate question for
> this forum)

Perfectly reasonable question to post here.

-Dan Veditz
