Bug#354066: mozilla-firefox: HTML Parsing Denial of Service Vulnerability

2006-07-30 Thread Geoff Crompton
Alexander Sack wrote:
> AFAICT, this is fixed in sarge8 too.
>
> Can you confirm that the bug is gone for you too?
>
>  - Alexander

Yep, confirmed it doesn't crash my browser anymore. Running
1.0.4-2sarge9. So feel free to close this bug.

Thanks!

-- 
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3 9340 9000


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Bug#354066: mozilla-firefox: HTML Parsing Denial of Service Vulnerability

2006-07-30 Thread Alexander Sack
close 354066 1.0.4-2sarge8
thanks

On Mon, Jul 31, 2006 at 11:17:31AM +1000, Geoff Crompton wrote:
> Alexander Sack wrote:
> > AFAICT, this is fixed in sarge8 too.
> >
> > Can you confirm that the bug is gone for you too?
> >
> >  - Alexander
>
> Yep, confirmed it doesn't crash my browser anymore. Running
> 1.0.4-2sarge9. So feel free to close this bug.
>
> Thanks!

 - Alexander

-- 
 GPG messages preferred.   |  .''`.  ** Debian GNU/Linux **
 Alexander Sack            | : :' :      The  universal
 [EMAIL PROTECTED]         | `. `'      Operating System
 http://www.asoftsite.org  |   `-    http://www.debian.org





Bug#354066: mozilla-firefox: HTML Parsing Denial of Service Vulnerability

2006-07-24 Thread Alexander Sack
AFAICT, this is fixed in sarge8 too.

Can you confirm that the bug is gone for you too?

 - Alexander




Bug#354066: mozilla-firefox: HTML Parsing Denial of Service Vulnerability

2006-02-22 Thread Geoff Crompton
Package: mozilla-firefox
Version: 1.0.4-2sarge5
Severity: important

No CVE yet, seen at http://www.securityfocus.com/bid/16741. Affects firefox
1.0 through to 1.5

The bid has a html snippet that triggers it, which I've not reproduced here. I
tried the snippet, and it immediately crashed my browser.

Lots of discussion at https://bugzilla.mozilla.org/show_bug.cgi?id=269095
Mind you, reading some of that makes it easy to understand why it is 
really hard to backport patches.



-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686-smp
Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1)

Versions of packages mozilla-firefox depends on:
ii  debianutils    2.8.4                 Miscellaneous utilities specific t
ii  fontconfig     2.3.1-2               generic font configuration library
ii  libatk1.0-0    1.8.0-4               The ATK accessibility toolkit
ii  libc6          2.3.2.ds1-22          GNU C Library: Shared libraries an
ii  libfontconfig1 2.3.1-2               generic font configuration library
ii  libfreetype6   2.1.7-2.4             FreeType 2 font engine, shared lib
ii  libgcc1        1:3.4.3-13            GCC support library
ii  libglib2.0-0   2.6.4-1               The GLib library of C routines
ii  libgtk2.0-0    2.6.4-3.1             The GTK+ graphical user interface 
ii  libidl0        0.8.5-1               library for parsing CORBA IDL file
ii  libjpeg62      6b-10                 The Independent JPEG Group's JPEG 
ii  libkrb53       1.3.6-2sarge2         MIT Kerberos runtime libraries
ii  libpango1.0-0  1.8.1-1               Layout and rendering of internatio
ii  libpng12-0     1.2.8rel-1            PNG library - runtime
ii  libstdc++5     1:3.3.5-13            The GNU Standard C++ Library v3
ii  libx11-6       4.3.0.dfsg.1-14sarge1 X Window System protocol client li
ii  libxext6       4.3.0.dfsg.1-14sarge1 X Window System miscellaneous exte
ii  libxft2        2.1.7-1               FreeType-based font drawing librar
ii  libxp6         4.3.0.dfsg.1-14sarge1 X Window System printing extension
ii  libxt6         4.3.0.dfsg.1-14sarge1 X Toolkit Intrinsics
ii  psmisc         21.5-1                Utilities that use the proc filesy
ii  xlibs          4.3.0.dfsg.1-14sarge1 X Keyboard Extension (XKB) configu
ii  zlib1g         1:1.2.2-4.sarge.2     compression library - runtime

-- no debconf information





Bug#354066: mozilla-firefox: HTML Parsing Denial of Service Vulnerability

2006-02-22 Thread Eric Dorland
* Geoff Crompton ([EMAIL PROTECTED]) wrote:
> Package: mozilla-firefox
> Version: 1.0.4-2sarge5
> Severity: important
>
> No CVE yet, seen at http://www.securityfocus.com/bid/16741. Affects firefox
> 1.0 through to 1.5
>
> The bid has a html snippet that triggers it, which I've not reproduced here. I
> tried the snippet, and it immediately crashed my browser.
>
> Lots of discussion at https://bugzilla.mozilla.org/show_bug.cgi?id=269095
> Mind you, reading some of that makes it easy to understand why it is
> really hard to backport patches.

This has been fixed in firefox 1.5.0.1, and since it's only a DOS and
not exploitable, I don't think the security team will want to bother
with a DSA.

-- 
Eric Dorland [EMAIL PROTECTED]
ICQ: #61138586, Jabber: [EMAIL PROTECTED]
1024D/16D970C6 097C 4861 9934 27A0 8E1C  2B0A 61E9 8ECF 16D9 70C6
