Ubuntu
mozilla package

[warty] mozilla-browser: JS can access any mozilla memory

Bug #14934 reported by Debian Bug Importer
6
Affects Status Importance Assigned to Milestone
mozilla (Debian)
Fix Released
Unknown
mozilla (Ubuntu)
Fix Released
High
Thom May
Ubuntu ubuntu-4.10

Bug Description

Automatically imported from Debian bug report #302778 http://bugs.debian.org/302778

See original description
Revision history for this message
Debian Bug Importer (debzilla) wrote :

Automatically imported from Debian bug report #302778 http://bugs.debian.org/302778

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Sun, 3 Apr 2005 00:56:21 +0400
From: "Alexandra N. Kossovsky" <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: mozilla-browser: JS can access any mozilla memory

Package: mozilla-browser
Version: 2:1.7.6-1
Severity: grave
Tags: security patch
Justification: user security hole

https://bugzilla.mozilla.org/show_bug.cgi?id=288688

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (999, 'testing'), (50, 'experimental'), (50, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686
Locale: LANG=C, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8)

Versions of packages mozilla-browser depends on:
ii debconf 1.4.30.11 Debian configuration management sy
ii libatk1.0-0 1.8.0-4 The ATK accessibility toolkit
ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an
ii libfontconfig1 2.3.1-2 generic font configuration library
ii libfreetype6 2.1.7-2.3 FreeType 2 font engine, shared lib
ii libgcc1 1:3.4.3-6 GCC support library
ii libglib2.0-0 2.6.3-1 The GLib library of C routines
ii libgtk2.0-0 2.6.2-4 The GTK+ graphical user interface
ii libnspr4 2:1.7.6-1 Netscape Portable Runtime Library
ii libpango1.0-0 1.8.1-1 Layout and rendering of internatio
ii libstdc++5 1:3.3.5-8 The GNU Standard C++ Library v3
ii libx11-6 4.3.0.dfsg.1-10 X Window System protocol client li
ii libxext6 4.3.0.dfsg.1-10 X Window System miscellaneous exte
ii libxft2 2.1.2-6 FreeType-based font drawing librar
ii libxp6 4.3.0.dfsg.1-10 X Window System printing extension
ii libxrender1 0.8.3-7 X Rendering Extension client libra
ii libxt6 4.3.0.dfsg.1-10 X Toolkit Intrinsics
ii psmisc 21.5-1 Utilities that use the proc filesy
ii xlibs 4.3.0.dfsg.1-10 X Keyboard Extension (XKB) configu
ii zlib1g 1:1.2.2-3 compression library - runtime

-- debconf information excluded

--
Regards,
        Sasha.
Alexandra N. Kossovsky, software engineer.
e-mail: <email address hidden>

Revision history for this message
Thom May (thombot) wrote :

Fixed in hoary

Revision history for this message
In , Moritz Muehlenhoff (jmm-inutil) wrote : This bug can be closed

This has been fixed in 1.7.7-1.

Revision history for this message
In , Steve Langasek (vorlon) wrote : tagging 302778

# Automatically generated email from bts, devscripts version 2.8.10
tags 302778 sarge

Revision history for this message
In , Steve Langasek (vorlon) wrote : Re: mozilla-browser: JS can access any mozilla memory

mozilla 2:1.7.7-2 has reached testing, so AIUI this bug can be closed.

Cheers,
--
Steve Langasek
postmodern programmer

Revision history for this message
Martin Pitt (pitti) wrote :

Warty was fixed in USN-155-1.

Bug Watch Updater (bug-watch-updater)
Changed in mozilla:
status: Unknown → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.