Your message dated Mon, 20 Jan 2014 23:46:15 +0000
with message-id <[email protected]>
and subject line Bug#736165: Removed package(s) from unstable
has caused the Debian Bug report #142317,
regarding mozilla-browser: strange middlemouse behavior leads to security 
problem
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
142317: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=142317
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: mozilla-browser
Version: 2:0.9.9-4pre5v4
Severity: grave
Tags: security
Justification: user security hole

The default mozilla behavior attempts to use the clipboard paste buffer
as a URL whenever the middle mouse button is pressed anywhere in the
display window, even if the clipboard contents are manifestly *not*
a URL (selected web page text, emacs buffer contents, shell commands,
etc.)  This frequently causes the user's private data in the
clipboard to be accidentally sent across the network, either to search
servers or to the DNS.  Therefore I am calling this a security bug
which exposes user data.

The fix is simple: add the line
  user_pref("middlemouse.contentLoadURL", false);
to /etc/mozilla/prefs.js to turn off this "feature".

Mozilla bugzilla bug 85677 has more information; see especially
comments 11, 14, and 15.
   http://bugzilla.mozilla.org/show_bug.cgi?id=85677

-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux skiffserv 2.4.17 #1 Fri Feb 8 14:08:32 EST 2002 i686
Locale: LANG=C, LC_CTYPE=C

Versions of packages mozilla-browser depends on:
ii  debconf                 1.0.32           Debian configuration management sy
ii  libc6                   2.2.5-4          GNU C Library: Shared libraries an
ii  libglib1.2              1.2.10-ximian.2  The GLib library of C routines
ii  libgtk1.2               1.2.10-ximian.21 The GIMP Toolkit set of widgets fo
ii  libjpeg62               6b-5             The Independent JPEG Group's JPEG 
ii  libnspr4                2:0.9.9-4pre5v4  Netscape Portable Runtime Library
ii  libstdc++2.10-glibc2.2  1:2.95.4-5       The GNU stdc++ library
ii  xlibs                   4.1.0-15         X Window System client libraries
ii  zlib1g                  1:1.1.4-1        compression library - runtime



--- End Message ---
--- Begin Message ---
Version: 2.7.12-1+rm

Dear submitter,

as the package iceape has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/736165

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
[email protected].

Debian distribution maintenance software
pp.
Ansgar Burchardt (the ftpmaster behind the curtain)

--- End Message ---

Reply via email to