Mailinglist Archive: opensuse-factory-mozilla (15 mails)

< Previous Next >
[opensuse-factory-mozilla] Fwd: Re: Security issues: How do users, maintainers and developers work together? Second Example: Thunderbird 3.0.6, Firefox 3.6.8
  • From: "pistazienfresser (see profile)" <pistazienfresser@xxxxxx>
  • Date: Fri, 10 Sep 2010 16:24:27 +0200
  • Message-id: <4C8A3F9B.10107@xxxxxx>
Hello maintainers of Mozilla programs, hello all,

there seems to be a 'known' security related bug (potential Cross-Site
Scripting Attacks) on several versions of Thunderbird and Firefox. Is it
also known to you (pl.)?

Regards
pistazienfresser

http://forums.opensuse.org/english/community/general-chit-chat/445980-security-issues-how-do-users-maintainers-developers-work-together-exemple-opera-10-60-issues.html#post2220146

-------- Original Message --------
Subject: Re: Security issues: How do users, maintainers and developers
work together? Second Example: Thunderbird 3.0.6, Firefox 3.6.8
Date: Fri, 10 Sep 2010 08:00:54 GMT
From: pistazienfresser <pistazienfresser@xxxxxxxxxxxxxxxxxxxxxxxxx>
Newsgroups: opensuse.org.no-support.general-chit-chat
References: <pistazienfresser.4h11o0@xxxxxxxxxxxxxxxxxxxxxxxxx>
<Chrysantine.4h14fz@xxxxxxxxxxxxxxxxxxxxxxxxx>

[...]

@ all:
Does anyone how to act to speed up a update related on a (not by
personal experience) know security issue without being able to maintain
by myself?
A fake bugreport?

Opera 10.62 of 2010-09-09 seems to fix no security issues at all.[6]

But how could I speed things up in a case like my Mozilla
Thunderbird 3.0.6 or my Mozilla Firefox 3.6.8?[7][8][9][10]

Regards
pistazienfresser



Footnotes

[1a] http://www.opera.com/support/kb/view/966/

[6]http://www.opera.com/docs/changelogs/unix/1062/

[7]http://www.mozilla.org/security/announce/2010/mfsa2010-49.html
"Title: Miscellaneous memory safety hazards (rv:1.9.2.9/ 1.9.1.12)
Impact: Critical
Announced: September 7, 2010
Reporter: Mozilla developers and community
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 3.6.9 Firefox 3.5.12 Thunderbird 3.1.3 Thunderbird
3.0.7 SeaMonkey 2.0.7"

[8] Mozilla Thunderbird Bugs Let Remote Users Conduct Cross-Site
Scripting Attacks, Obtain Potentially Sensitive Information, and Execute
Arbitrary Code SecurityTracker; SecurityTracker URL:
http://securitytracker.com/id?1024403
(2010-09-08)
"Impact: A remote user can create a HTML that, when loaded by the
target user, will execute arbitrary code on the target user's system.

A remote user can access the target user's cookies (including
authentication cookies), if any, associated with the target site, access
data recently submitted by the target user via web form to the site, or
take actions on the site acting as the target user.

A remote user can obtain potentially sensitive information.
Solution: The vendor has issued a fix (3.0.7, 3.1.3).
"
[9] Mozilla Firefox DLL Loading Error Lets Remote Users Execute
Arbitrary Code; SecurityTracker URL:
http://securitytracker.com/id?1024406
(2010-09-08)

[10] Mozilla Firefox Bugs Let Remote Users Conduct Cross-Site Scripting
Attacks, Obtain Potentially Sensitive Information, and Execute Arbitrary
Code, SecurityTracker URL:
http://securitytracker.com/id?1024401
(2010-09-08)

--
To unsubscribe, e-mail: opensuse-factory-mozilla+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-factory-mozilla+help@xxxxxxxxxxxx

< Previous Next >
List Navigation