On Wed, Jul 09, 2008 at 02:42:45AM +0400, Dmitry Potapov wrote:
> Package: iceweasel
> Version: 2.0.0.14-0etch1
> Severity: grave
> Tags: security
> Justification: user security hole
>
> The following steps are necessary to reproduce this problem:
> 1. Log-in on your Gmail account
> 2. Open Gmail chat with any other user
> 3. Press the "pop-out" button
> 4. Close the pop-out window
> Doing so, you should see Iceweasel (Forefox) crash
>
> While it is possible that Google relies on some non-standard feature,
> the crash itself indicates the secutiry problem inside of Iceweasel.
> I have tried with Firefox 2.10.15 with the same result. Also, I have
> heard from a friend of mine that the problem exists with Firefox 2.0
> on Windows XP. So, the problem is not Debian specific, yet the problem
> indicates the present a potential security hold inside of the browser,
> which should be addressed.
Browser crashes induced by web sites are not treated as security issues
by the Debian Security Team, unless there's evidence of memory corruption
leading to code injection.
Did you file a bug in Mozilla Bugzilla on this?
Cheers,
Moritz
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
