| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <13912634.1126823133065.JavaMail.juha-matti.laurio@netti.fi> Date: Fri, 16 Sep 2005 01:25:33 +0300 (EEST) From: Juha-Matti Laurio <juha-matti.laurio@...ti.fi> To: pkr@...s.dk Cc: bugtraq@...urityfocus.com Subject: RE: [Full-disclosure] FireFox Host: Buffer Overflow is not justexploitable on FireFox > Hi Juha! > > > I have informed the vendor Netscape being affected on 9th > > September 2005. > > I did the same on the 10th of September - still no reply nor official > statement from Netscape which makes me a little worried. Good to know. It seems that's their way to act. They had a coverage Security Center wp.netscape.com/security/index.html earlier, but all these wp.netscape.com pages redirect to Netscape Browser 8.0 Main Page when writing this. > > Disabling IDN support via about:config (or prefs.js file) is > > possible in Netscape Browser 8 too. Xpi file for Firefox and > > Correct. I reported that workaround on the 10th of September. > > I did so using both the security address at netscape.com and the "submission > form" on Netscape's official webpage. I never got any reply/respons from > netscape. Yes, I have similar experiences. I have information that they are reading their bug report submissions, however. > Netscape uses the same rendering engine as Firefox (unless explicitly told > to use IE) and as such, will also be vulnerable. The workaround, covered by > the Mozilla Team, will correct the problem simply by disabling IDN. > > Regards > Peter Kruse Thanks for sharing the word. - Juha-Matti
Powered by blists - more mailing lists