Re: [gNewSense-users] Firefox crashes on cnet.com due to security vulnerability in Dapper 6.06 (since updated in Ubuntu)

[Daniel Dickinson]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 8 Nov 2006 09:01:56 +0000
"Brian Brazil" <address@hidden> wrote:

> On 11/8/06, Daniel Dickinson <address@hidden> wrote:
> > On doing some research, it seems that the version of firefox
> > delivered with ubuntu 6.06 has a bug in privileged(!) ui code.  It
> > is treated as a security vulnerability and has been fixed in ubuntu.
> >
> > ## quoted text follows ##
> >
> > Ubuntu 6.06 LTS:
> >   firefox                        1.5.dfsg+1.5.0.4-0ubuntu6.06
> 
> Eh, Dapper has 1.5.0.3-0ubuntu3. Anyway, we have had

I think the version I listed is what is suggested to upgrade to,
however as you say:

> 1.5.0.7-ubuntu0.6.06 in our security archives for over a month. This
> is what was distributed on all 1.0 LiveCDs.
> 
> Thanks for the report, but I do a pull from Ubuntu security every
> night so we'll get most stuff automatically.

So it's not this particular bug that is the problem, however disabling
javascript means that the crash doesn't happen, so it may be related,
or a regression in ubuntu.  I'll have to try ubuntu to see if it's
fixed there (I'm using a 1.0 livecd installed onto the hard drive and
with the latest updates).

- -- 
GnuPG Key Fingerprint 86 F5 81 A5 D4 2E 1F 1C      http://gnupg.org
And that's my crabbing done for the day.  Got it out of the way early, 
now I have the rest of the afternoon to sniff fragrant tea-roses or 
strangle cute bunnies or something.   -- Michael Devore
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFUlUFhvWBpdQuHxwRAiRXAKC3lXeaS8FPkMJRaAD/BFTtHNFnhACeNnJ/
ofFlCKvi5kIvAdlA9SGDawA=
=JiQa
-----END PGP SIGNATURE-----