Package: iceweasel Version: 2.0.0.1+dfsg-2 Severity: grave Tags: security, fixed-upstream, patch
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0981 says: "Mozilla based browsers allows remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code." Upstream bug: https://bugzilla.mozilla.org/show_bug.cgi?id=370445 Upstream patch: https://bugzilla.mozilla.org/attachment.cgi?id=255252 -- Kees Cook @outflux.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
