[Secure-testing-team] Some mozilla security bug updates
Mike Hommey
mh at glandium.org
Sat Mar 24 15:06:05 UTC 2007
On Fri, Mar 23, 2007 at 04:33:39PM -0600, Micah Anderson <micah at riseup.net> wrote:
> > I guess CVE-2007-1004 affects iceape, and *may* affect browsers based on
> > xulrunner.
> > CVE-2007-1084 may affect iceape and browsers based on xulrunner.
>
> Ok, I'll add iceape, let us know if you determine otherwise. Also, you
> say that it may affect browsers based on xulrunner, I guess I am noting
> that xulrunner is affected then? What other browsers use xulrunner embeded?
xulrunner by itself is not affected, it depends what browsers that use
it allow to remove from their ui and how easy it may be to make
something look like it with remote content. This can actually affect any
browser.
FWIW, xulrunner-using browsers are, AFAIK, epiphany, galeon and
kazehakase.
Mike
More information about the Secure-testing-team
mailing list