Comment 2 for bug 14934

Message-ID: <email address hidden>
Date: Sun, 3 Apr 2005 00:56:21 +0400
From: "Alexandra N. Kossovsky" <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: mozilla-browser: JS can access any mozilla memory

Package: mozilla-browser
Version: 2:1.7.6-1
Severity: grave
Tags: security patch
Justification: user security hole

https://bugzilla.mozilla.org/show_bug.cgi?id=288688

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (999, 'testing'), (50, 'experimental'), (50, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686
Locale: LANG=C, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8)

Versions of packages mozilla-browser depends on:
ii debconf 1.4.30.11 Debian configuration management sy
ii libatk1.0-0 1.8.0-4 The ATK accessibility toolkit
ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an
ii libfontconfig1 2.3.1-2 generic font configuration library
ii libfreetype6 2.1.7-2.3 FreeType 2 font engine, shared lib
ii libgcc1 1:3.4.3-6 GCC support library
ii libglib2.0-0 2.6.3-1 The GLib library of C routines
ii libgtk2.0-0 2.6.2-4 The GTK+ graphical user interface
ii libnspr4 2:1.7.6-1 Netscape Portable Runtime Library
ii libpango1.0-0 1.8.1-1 Layout and rendering of internatio
ii libstdc++5 1:3.3.5-8 The GNU Standard C++ Library v3
ii libx11-6 4.3.0.dfsg.1-10 X Window System protocol client li
ii libxext6 4.3.0.dfsg.1-10 X Window System miscellaneous exte
ii libxft2 2.1.2-6 FreeType-based font drawing librar
ii libxp6 4.3.0.dfsg.1-10 X Window System printing extension
ii libxrender1 0.8.3-7 X Rendering Extension client libra
ii libxt6 4.3.0.dfsg.1-10 X Toolkit Intrinsics
ii psmisc 21.5-1 Utilities that use the proc filesy
ii xlibs 4.3.0.dfsg.1-10 X Keyboard Extension (XKB) configu
ii zlib1g 1:1.2.2-3 compression library - runtime

-- debconf information excluded

--
Regards,
        Sasha.
Alexandra N. Kossovsky, software engineer.
e-mail: <email address hidden>