[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE-2008-0416 for mozilla-firefox; details request
From: Josh Bressers <bressers () redhat ! com>
Date: 2008-02-22 2:43:06
Message-ID: 8856.1203648186 () devserv ! devel ! redhat ! com
[Download RAW message or body]
>
> The CVE entry for this one is horribly obscure, and only Ubuntu has
> noted it. I don't even see it referenced in an MFSA on mozilla's site.
>
> Kees, is this specific to 1.5.x, do you know? Or anyone else for that
> matter? The CVE entry reads:
>
> Multiple unspecified vulnerabilities in Mozilla Firefox, as used in
> Ubuntu 6.06 through 7.10 and possibly other distributions, allow remote
> attackers to conduct cross-site scripting (XSS) attacks via unknown
> vectors related to character encoding.
>
> Doesn't indicate a version, but Ubuntu's advisory is providing a
> 1.5.0.15 (pre-patch?), so I'd like to know if this affects 2.0.0.11 (and
> is fixed in 2.0.0.12?), or if this is still unresolved in upstream 2.0.x
> (or doesn't affect it all).
>
> More details would be fabulous. Thanks.
>
I'm going to reply to this off list. It's a sensitive matter.
--
JB
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic