tags 411192 pending thanks * Kees Cook ([EMAIL PROTECTED]) wrote: > Package: iceweasel > Version: 2.0.0.1+dfsg-2 > Severity: grave > Tags: security, fixed-upstream, patch > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0981 says: > > "Mozilla based browsers allows remote attackers to bypass the same > origin policy, steal cookies, and conduct other attacks by writing a URI > with a null byte to the hostname (location.hostname) DOM property, due > to interactions with DNS resolver code." > > Upstream bug: https://bugzilla.mozilla.org/show_bug.cgi?id=370445 > Upstream patch: https://bugzilla.mozilla.org/attachment.cgi?id=255252
Thanks, patch is applied and I will try to roll out a build tonight. -- Eric Dorland <[EMAIL PROTECTED]> ICQ: #61138586, Jabber: [EMAIL PROTECTED] 1024D/16D970C6 097C 4861 9934 27A0 8E1C 2B0A 61E9 8ECF 16D9 70C6
signature.asc
Description: Digital signature
