Bug#429052: iceweasel: mailcap entry makes user more vulnerable to Mozilla bug 230606

2007-06-15 Thread Vincent Lefevre
Package: iceweasel Version: 2.0.0.4-1 Severity: grave Tags: security Justification: user security hole The default /etc/mailcap entry makes iceweasel to be called directly to view HTML files with a "file://" URL. Due to Mozilla bug 230606 (or 382637, on which the attached example is based), data r

Bug#429052: iceweasel: mailcap entry makes user more vulnerable to Mozilla bug 230606

2007-09-09 Thread Eric Dorland
severity 429052 important thanks Since upstream does not consider this a critical bug, I don't think we should either. Some sort of warning to the user would be good though, I agree. I could take iceweasel out of mailcap, but this might annoy more than this exploit is a threat. A stripping script

Bug#429052: iceweasel: mailcap entry makes user more vulnerable to Mozilla bug 230606

2007-09-10 Thread Florian Weimer
* Eric Dorland: > severity 429052 important > thanks > > Since upstream does not consider this a critical bug, I don't think we > should either. Some sort of warning to the user would be good though, > I agree. I could take iceweasel out of mailcap, but this might annoy > more than this exploit is

Bug#429052: iceweasel: mailcap entry makes user more vulnerable to Mozilla bug 230606

2007-09-10 Thread Vincent Lefevre
On 2007-09-10 22:36:53 +0200, Florian Weimer wrote: > * Eric Dorland: > > Since upstream does not consider this a critical bug, I don't > > think we should either. I have several comments about this: First I think that Debian's security team shouldn't make their decisions based on what upstream de