On Mon, Nov 23, 2009 at 11:58:34PM -0500, Michael Gilbert wrote: > Package: xulrunner > Version: 1.9.1.5-1 > Severity: important > Tags: security > > Hi, > the following CVE (Common Vulnerabilities & Exposures) id was > published for xulrunner. > > CVE-2009-2953[0]: > | Mozilla Firefox 3.0.6 through 3.0.13, and 3.5.x, allows remote > | attackers to cause a denial of service (CPU consumption) via > | JavaScript code with a long string value for the hash property (aka > | location.hash), a related issue to CVE-2008-5715. >
Mozilla does not consider normal DoS bugs a security issue. It happens that CVEs got filed by someone in the past, but unless they show memory corruption they are useless ... is this advisory something confirmed/released by mozilla? - Alexander -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
