Full Disclosure mailing list archives
RE: [ GLSA 200408-22 ] Mozilla, Firefox, Thunderbird: New releases fix vulnerabilities
From: Gervase Markham <gerv () gerv net>
Date: Tue, 24 Aug 2004 10:04:51 +0100
> Gentoo Linux Security Advisory GLSA 200408-22
>
> Severity: Normal
> Title: Mozilla, Firefox, Thunderbird: New releases fix
> vulnerabilities
> Date: August 23, 2004
> Bugs: #57380, #59419
> ID: 200408-22

<snip>

> * An attacker may force the browser to execute arbitrary code from a
> malicious website by utilizing Mozilla's predictable cache file
> locations, and its ability to execute local files within the local
> zone.

As has been pointed out to the author of the relevant "advisory" several times, Mozilla has neither a "local zone" nor "predictable cache file locations". The author assumed that the random string generated for his cache file location was the same as everyone else's.
I wonder how Gentoo can have fixed, QAed and tested the fix for a vulnerability which doesn't exist?
(Note: none of the referenced CVE numbers in the advisory refer to this "issue".)
Gerv

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html