Hi It seems that recently a meduim security hole was exposed in mozilla: allows a server to read local files.
See the origianl advisory: http://sec.greymagic.com/adv/gm001-ns/ as well as lwn.net's short summary: http://lwn.net/2002/0502/security.php3 Anybody here happens to know more about the ways in which GreyMagic tried to inform Netscape of this flaw (according to ther advisory)? The bugs in the bugzilla were only opened (immediatly) after the annoncement of this advisory. Regarding a promptly fix: A fix to the nightly build was ready almost immedietly. But what about existing versions? I stil see no relation to that in nither netscape's site nor in mozilla.org. From what I understand from mozilla it will be fixed in the next release candidate (or will it be 1.0?). Of course, mozilla is at a beta phase, and any release is a bugfix release. What distros come with volnurable versions of mozilla that should be updated ASAP? -- Tzafrir Cohen mailto:[EMAIL PROTECTED] http://www.technion.ac.il/~tzafrir ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
