Re: Bug#447734: libxul0d: vulnerable to CVE-2007-5339
On Tue, Oct 23, 2007 at 10:54:47PM +0200, Florian Weimer wrote:
> * Sam Morris:
>
> > Although <http://security-tracker.debian.net/tracker/CVE-2007-5339>
> > states that no packages in unstable are vulnerable to this bug, I just
> > tested Epiphany against it at <http://bcheck.scanit.be/bcheck/> and it
> > managed to crash my browser.
>
> We've discovered a few more CVEs that still affect xulrunner. I'm
> currently on vacation, but next week, I'll ask the colleague who did the
> analysis to submit his findings. (We planned to do this anyway, but it
> somehow got lost between other issues.)
All the recent firefox issues affect xulrunner (and iceape), just someone
needs to commit them.
Cheers,
Moritz
Reply to: