Re: Cite for print-to-postscript exploit in Mozilla?
-----BEGIN PGP SIGNED MESSAGE-----
On Tuesday 13 July 2004 01:56, Florian Weimer wrote:
> * Kevin B. McCarty:
> > On 07/10/2004 12:18 PM, Florian Weimer wrote:
> >> 1.7 incorporates some other security fixes, apparently in the area
> >> of cross-domain scripting vulnerabilities. So you probably should
> >> upgrade anyway.
> > Does anyone know if there is some reason these fixes haven't been
> > backported to woody?
> This is quite complicated because Mozilla's upgrades are known to
> break profiles,
Tell me about it. I was trying to upgrade users from phoenix to firefox;
after the upgrade the users profiles were stuffed.
I tried to work around it by customising the system-wide mozilla config
so that the *default* settings for users firing up firefox for the
first time would have the right proxy, homepage etc.
I discovered that I had to unpack a .jar file, edit files inside it and
then pack it up again; the 'config files' under /etc just arn't enough.
> and Debian's mozilla has a few dependencies which you
> have to backport, too (Galeon etc.).
> All in all, fixing Mozilla for woody isn't particularly rewarding.
> Even SuSE doesn't dare to fix Mozilla security bugs, so it's not a
> Debian-specific problem at all.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
-----END PGP SIGNATURE-----