cvs commit: ports/security/vuxml vuln.xml
Remko Lodder
remko at FreeBSD.org
Thu Sep 20 00:00:22 PDT 2007
On Wed, September 19, 2007 11:19 pm, Michael Johnson wrote:
>>
>> Document mozilla -- code execution via Quicktime media-link files,
>> The Mozilla advisory talks somewhat about Windows for this matter,
>> but better be safe then sorry (An updated firefox is available
>> already).
>>
>
> This only really affects Quicktime, the program not video files
> according to http://www.mozilla.org/security/announce/2007/
> mfsa2007-28.html
>
> So FreeBSD should be safe.
>
Hi Michael,
Thanks for commenting on this one, I think that you are right about the
source of the attack, but FireFox safeguards itself now by denying the
QuickTime command-line stuff itself. So I think this does affect the
browser (and not only QuickTime).
Cheers
remko
--
Kind regards,
Remko Lodder ** remko at elvandar.org
FreeBSD ** remko at FreeBSD.org
/* Quis custodiet ipsos custodes */
More information about the cvs-all
mailing list