forwarded 324907 https://bugzilla.mozilla.org/show_bug.cgi?id=237085 thanks
* Joey Hess ([EMAIL PROTECTED]) wrote: > Package: mozilla-firefox > Version: 1.0.6-2 > Severity: normal > > CAN-2005-2602 describes what is presented as a security hole, involving > very large urls not displaying properly in mozilla's location bar. I > cannot reproduce the exact problem reported there, which is that the URL > bar appeared empty when a huge url was in it. But I was able to find an > interesting bug. After entering the url below via paste, my url bar > began to display some of the letters doubled over top of each other, and > as I continued to add to the url, this doubling continued until the URL > bar displayed as a solid black rectangle the height of the letters. > > If I select the url to paste it into this email, I can get the reported > "empty" bar, as it inverts the black rectangle. Still it's hard to take > that seriously as a security hole.=20 > > Anyway, the url was http://foo.com/ followed by as many "aaaaa" as I could > paste in before I got tired of pasting. The BTS dropped a previous mail that > had the exact url. > > I have not tested thunderbird or mozilla, but the original report also > says that thunderbird has the problem and I imagine mozilla does too. Apparently there's a checked in patch for this, but may not fully fix things. -- Eric Dorland <[EMAIL PROTECTED]> ICQ: #61138586, Jabber: [EMAIL PROTECTED] 1024D/16D970C6 097C 4861 9934 27A0 8E1C 2B0A 61E9 8ECF 16D9 70C6 -----BEGIN GEEK CODE BLOCK----- Version: 3.12 GCS d- s++: a-- C+++ UL+++ P++ L++ E++ W++ N+ o K- w+ O? M++ V-- PS+ PE Y+ PGP++ t++ 5++ X+ R tv++ b+++ DI+ D+ G e h! r- y+ ------END GEEK CODE BLOCK------
signature.asc
Description: Digital signature