Re: Cite for print-to-postscript exploit in Mozilla?

On Tuesday 13 July 2004 01:56, Florian Weimer wrote:
> * Kevin B. McCarty:
> > On 07/10/2004 12:18 PM, Florian Weimer wrote:
> >> 1.7 incorporates some other security fixes, apparently in the area
> >> of cross-domain scripting vulnerabilities.  So you probably should
> >> upgrade anyway.
> >
> > Does anyone know if there is some reason these fixes haven't been
> > backported to woody?
> This is quite complicated because Mozilla's upgrades are known to
> break profiles, 

Tell me about it. I was trying to upgrade users from phoenix to firefox; 
after the upgrade the users' profiles were stuffed.

I tried to work around it by customising the system-wide mozilla config 
so that the *default* settings for users firing up firefox for the 
first time would have the right proxy, homepage etc.

I discovered that I had to unpack a .jar file, edit files inside it and 
then pack it up again; the 'config files' under /etc just aren't enough.

> and Debian's mozilla has a few dependencies which you 
> have to backport, too (Galeon etc.).
> All in all, fixing Mozilla for woody isn't particularly rewarding.
> Even SuSE doesn't dare to fix Mozilla security bugs, so it's not a
> Debian-specific problem at all.