FS#4515 - xulrunner needs patching
Attached to Project:
Arch Linux
Opened by name withheld (Gullible Jones) - Wednesday, 26 April 2006, 19:58 GMT
Last edited by Dale Blount (dale) - Wednesday, 26 April 2006, 21:08 GMT
Details
The current version of xulrunner is subject to a very nasty
security flaw which allows remote execution of arbitrary
code, and Mozilla.org has not yet released a new version and
probably will not for quite some time. I think it would be
prudent to try to patch version 1.8.0.1 and put the patched
version in the Testing repository, to be transferred to
Current as soon as it is proven to be stable. The
possibility of exploitation of this bug may sound remote,
but it is a very serious one and I don't think it's a good
idea to take chances on this.
Closed by Jan de Groot (JGC)
Thursday, 04 May 2006, 12:44 GMT
Reason for closing: Fixed
Additional comments about closing: Added a 1.8.0.2-alike patch taken from OpenSuSE. They updated xulrunner today, so I guess the security bugs should be fixed with it.
Any fix available for this on the mozilla cvs?
I'd need some more information about this; I couldn't find any proper information on this in the mozilla bugtracker.
http://www.mozilla.org/projects/security/known-vulnerabilities.html
There are actually several critical vulnerabilities fixed in version 1.5.0.2 - the one I mentioned was the remote code execution one relating to table rebuilding, but they should probably all be patched.