pdp (architect) wrote:
http://www.gnucitizen.org/blog/firebug-goes-evil
There is a critical vulnerability in Firefox/Firebug which allows
attackers to inject code inside the browser chrome.
Good find.
I recommend disabling Firebug for now until the issue is fixed.
Firebug 1.03 is now
Michal Zalewski wrote:
A quick test case that crashes while trying to follow partly
user-dependent corrupted pointers near valid memory regions (can be forced
to write, too):
http://lcamtuf.coredump.cx/ietrap/testme.html
Firefox problem is being tracked here:
Peter Besenbruch wrote:
Ben Bucksch wrote:
https://bugzilla.mozilla.org/show_bug.cgi?id=370445
Are we going to see a version 2.0.0.2 of Firefox soon? With all the
Firefox bugs, we are about due.
A 2.0.0.2 is in progress
http://weblogs.mozillazine.org/qa/
[EMAIL PROTECTED] wrote:
When you have a NULL pointer dereference, code execution is also possible,
so you can't exclude it at all.
For example in this old flaw:
http://securitytracker.com/alerts/2006/Apr/1016001.html
In that example there was a way to influence the crash so that it was not
Nick Boyce wrote:
Hmmm. I didn't realise the Show Images setting got stored, and I
don't think that's the best strategy from a privacy point of view.
It surprised me, too. The threat model was spammers trying to verify
live addresses, and in that model loading a webbug multiple times is no
Daniel Veditz wrote:
Renaud Lifchitz wrote:
Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities
We believe this to be a testing error.
I responded too soon. This is indeed a problem in the current release
version of Thunderbird 1.5
Renaud Lifchitz wrote:
Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities
We believe this to be a testing error. The problem of loading remote
iframe and css content was fixed prior to the release of Mozilla
Thunderbird 1.0
The testcase included in the advisory contains the
Daniel Veditz wrote:
[a plain text message]
Just got half a dozen bounces because my plain-text email supposedly
contained Suspicious I-Frame.a (Malicious Mobile Code) virus. Those of
you behind McAfee GroupShield barriers may not be getting the whole
conversation here if people can't even use