| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <4A1D4B58.1761.009C.3@dot.state.tx.us> Date: Wed, 27 May 2009 14:16:17 -0500 From: "Jim Parkhurst" <JPARKHUR@....state.tx.us> To: "Stuart Dunkeld" <burningcows@...il.com>, "Thierry Zoller" <Thierry@...ler.lu> Cc: full-disclosure <full-disclosure@...ts.grok.org.uk> Subject: Re: Addendum : [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG) Silly me. Since 1. There was no version specific information provided by the OP (I looked for that) -and- 2. you tell me that "SVG [whatever that is] (including circle) was originally implemented in Firefox 1.5" -and- 3. There is no documentation that SVG has /not/ been removed from Firefox -and- 4. FF1 has been end-of-life'd, what was I thinking??? >>> Stuart Dunkeld <burningcows@...il.com> 05/27/2009 13:49 >>> On Wed, May 27, 2009 at 7:38 PM, Thierry Zoller <Thierry@...ler.lu> wrote: > Hi Jim, > > Read again: > Affected : All Firefox versions that support SVG. > > Then think about what version of Firefox you are using. SVG (including circle) was originally implemented in Firefox 1.5 - https://developer.mozilla.org/en/SVG_in_Firefox_1.5 --stuart JP> Using FF2.0.0.20 and the file does not result in loss of use. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists