| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 21 Jul 2009 12:58:36 +0200
From: Thierry Zoller <Thierry@...ler.lu>
To: bugtraq <bugtraq@...urityfocus.com>,
full-disclosure <full-disclosure@...ts.grok.org.uk>, <info@...cl.etat.lu>,
<vuln@...unia.com>, <cert@...t.org>, <nvd@...t.gov>, <cve@...re.org>
Subject: Update: [GSEC-TZO-44-2009] One bug to rule them
all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone,
iPod, Wii, PS3....
________________________________________________________________________
One bug to rule them all
IE5,IE6,IE7,IE8,Netscape,Firefox,Safari,Opera,Konqueror,
Seamonkey,Wii,PS3,iPhone,iPod,Nokia,Siemens.... and more.
________________________________________________________________________
Update/Changes :
----------------
Backround :
~~~~~~~~~~~
+ I failed to include details about the nature of the bug (DOM),
the root cause is a DOM flaw and not a Javascript flaw as the
Backround info might have lead to think.
Thanks James Schend for the heads up.
+ The bug was present in a 9 year old version of Netscape - draw your own
conclusions.
Patch availability :
~~~~~~~~~~~~~~~~~~~~
+ Seamonkey 1.1.17 and SeaMonkey 2 (soon to be Beta) have been patched
Affected Products :
~~~~~~~~~~~~~~~~~~~~
+ Blackberry 8800/probably all (null ptr exception, browser crash)
Thanks to "528-0444" for the Report.
+ Google G1 latest (Firmware 1.5, Kernel: 2.6.27-00393-g6607056, Build: CRB43)
(Browser crash)
Thanks Scott Fraser for the Report.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists