Package: iceweasel
Version: 2.0.0.4-1
Severity: grave
Tags: security
Justification: user security hole
The default /etc/mailcap entry makes iceweasel to be called directly
to view HTML files with a "file://" URL. Due to Mozilla bug 230606
(or 382637, on which the attached example is based), data r
severity 429052 important
thanks
Since upstream does not consider this a critical bug, I don't think we
should either. Some sort of warning to the user would be good though,
I agree. I could take iceweasel out of mailcap, but this might annoy
more than this exploit is a threat. A stripping script
* Eric Dorland:
> severity 429052 important
> thanks
>
> Since upstream does not consider this a critical bug, I don't think we
> should either. Some sort of warning to the user would be good though,
> I agree. I could take iceweasel out of mailcap, but this might annoy
> more than this exploit is
On 2007-09-10 22:36:53 +0200, Florian Weimer wrote:
> * Eric Dorland:
> > Since upstream does not consider this a critical bug, I don't
> > think we should either.
I have several comments about this: First I think that Debian's
security team shouldn't make their decisions based on what upstream
de
4 matches
Mail list logo