[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE-2008-0416 for mozilla-firefox; details request
From:       Josh Bressers <bressers () redhat ! com>
Date:       2008-02-22 2:43:06
Message-ID: 8856.1203648186 () devserv ! devel ! redhat ! com
[Download RAW message or body]

> 
> The CVE entry for this one is horribly obscure, and only Ubuntu has
> noted it.  I don't even see it referenced in an MFSA on mozilla's site.
> 
> Kees, is this specific to 1.5.x, do you know?  Or anyone else for that
> matter?  The CVE entry reads:
> 
> Multiple unspecified vulnerabilities in Mozilla Firefox, as used in
> Ubuntu 6.06 through 7.10 and possibly other distributions, allow remote
> attackers to conduct cross-site scripting (XSS) attacks via unknown
> vectors related to character encoding.
> 
> Doesn't indicate a version, but Ubuntu's advisory is providing a
> 1.5.0.15 (pre-patch?), so I'd like to know if this affects 2.0.0.11 (and
> is fixed in 2.0.0.12?), or if this is still unresolved in upstream 2.0.x
> (or doesn't affect it all).
> 
> More details would be fabulous.  Thanks.
> 

I'm going to reply to this off list.  It's a sensitive matter.

-- 
    JB

[prev in list] [next in list] [prev in thread] [next in thread]