Processed: Re: Bug#411192: CVE-2007-0981: serious cookie-stealing vulnerability

2007-02-17 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

> tags 411192 pending
Bug#411192: CVE-2007-0981: serious cookie-stealing vulnerability
Tags were: fixed-upstream patch security
Tags added: pending

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Bug#411192: CVE-2007-0981: serious cookie-stealing vulnerability

2007-02-17 Thread Eric Dorland
tags 411192 pending
thanks

* Kees Cook ([EMAIL PROTECTED]) wrote:
> Package: iceweasel
> Version: 2.0.0.1+dfsg-2
> Severity: grave
> Tags: security, fixed-upstream, patch
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0981 says:
>
> Mozilla based browsers allows remote attackers to bypass the same
> origin policy, steal cookies, and conduct other attacks by writing a URI
> with a null byte to the hostname (location.hostname) DOM property, due
> to interactions with DNS resolver code.
>
> Upstream bug:   https://bugzilla.mozilla.org/show_bug.cgi?id=370445
> Upstream patch: https://bugzilla.mozilla.org/attachment.cgi?id=255252

Thanks, patch is applied and I will try to roll out a build tonight. 

-- 
Eric Dorland [EMAIL PROTECTED]
ICQ: #61138586, Jabber: [EMAIL PROTECTED]
1024D/16D970C6 097C 4861 9934 27A0 8E1C  2B0A 61E9 8ECF 16D9 70C6





Bug#411192: CVE-2007-0981: serious cookie-stealing vulnerability

2007-02-16 Thread Kees Cook
Package: iceweasel
Version: 2.0.0.1+dfsg-2
Severity: grave
Tags: security, fixed-upstream, patch

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0981 says:

Mozilla based browsers allows remote attackers to bypass the same 
origin policy, steal cookies, and conduct other attacks by writing a URI 
with a null byte to the hostname (location.hostname) DOM property, due 
to interactions with DNS resolver code.

Upstream bug:   https://bugzilla.mozilla.org/show_bug.cgi?id=370445
Upstream patch: https://bugzilla.mozilla.org/attachment.cgi?id=255252

-- 
Kees Cook@outflux.net
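
Added example, not part of the thread and not the upstream patch: the C sketch below shows why a NUL byte in a hostname is dangerous when one component treats the name as a counted string and another as a NUL-terminated one, and a validation gate that rejects such names. The helper names, the sample hostname and the assumption that the policy check does a suffix match over the full counted string are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: 24 counted bytes with an embedded NUL after "one.example". */
static const char SAMPLE[] = "one.example\0.two.example";
static const size_t SAMPLE_LEN = sizeof(SAMPLE) - 1;

/* Bytes a NUL-terminated consumer (e.g. a C resolver call) would actually read. */
size_t resolver_view_len(const char *host, size_t len) {
    const char *nul = memchr(host, '\0', len);
    return nul ? (size_t)(nul - host) : len;
}

/* Hypothetical policy check: domain-suffix match over the full counted string. */
bool counted_suffix_match(const char *host, size_t len, const char *domain) {
    size_t dlen = strlen(domain);
    if (len == dlen) return memcmp(host, domain, dlen) == 0;
    return len > dlen && host[len - dlen - 1] == '.' &&
           memcmp(host + len - dlen, domain, dlen) == 0;
}

/* Hardened gate: letters, digits, '-' and '.' only; labels 1..63 bytes; no NUL. */
bool hostname_is_safe(const char *host, size_t len) {
    size_t label = 0;
    if (len == 0 || len > 253) return false;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)host[i];
        if (c == '.') {
            if (label == 0) return false;   /* empty label */
            label = 0;
        } else if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                   (c >= '0' && c <= '9') || c == '-') {
            if (++label > 63) return false;
        } else {
            return false;                   /* NUL, control, or other byte */
        }
    }
    return label > 0;                       /* reject trailing dot */
}

int main(void) {
    printf("policy sees %zu bytes, suffix match: %d\n", SAMPLE_LEN,
           counted_suffix_match(SAMPLE, SAMPLE_LEN, "two.example"));
    printf("resolver sees \"%.*s\"\n",
           (int)resolver_view_len(SAMPLE, SAMPLE_LEN), SAMPLE);
    printf("hostname_is_safe: %d\n", hostname_is_safe(SAMPLE, SAMPLE_LEN));
}
```

The gate is deliberately strict (it also rejects underscores and trailing dots); the point is that validation runs on the counted bytes before either consumer sees the name.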

