Full Disclosure mailing list archives

Re: iDEFENSE Security Advisory 08.02.04: Netscape/Mozilla SOAPParameter Constructor Integer Overflow Vulnerability

From: Daniel Veditz <dveditz () cruzio com>
Date: Mon, 02 Aug 2004 14:25:39 -0700

VIII. DISCLOSURE TIMELINE

01/17/2004   Exploit acquired by iDEFENSE.
03/05/2004   Bug sent to Netscape Security Bug form at
             http://cgi.netscape.com/cgi-bin/bug-security.cgi
03/05/2004   Bug entered into bugzilla.mozilla.org
             http://bugzilla.mozilla.org/show_bug.cgi?id=236618
03/05/2004   iDEFENSE clients notified
07/09/2004   Patch submitted into Mozilla source tree.
             http://bugzilla.mozilla.org/show_bug.cgi?id=236618#c22
08/02/2004   Public disclosure


The fix was checked in March 8, 2004
http://bugzilla.mozilla.org/show_bug.cgi?id=236618#c12

The July check-in was a back-port to the 1.4 branch

-Dan Veditz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

iDEFENSE Security Advisory 08.02.04: Netscape/Mozilla SOAPParameter Constructor Integer Overflow Vulnerability idlabs-advisories (Aug 02)
- Re: iDEFENSE Security Advisory 08.02.04: Netscape/Mozilla SOAPParameter Constructor Integer Overflow Vulnerability Jedi/Sector One (Aug 02)
- Re: iDEFENSE Security Advisory 08.02.04: Netscape/Mozilla SOAPParameter Constructor Integer Overflow Vulnerability Daniel Veditz (Aug 02)