deletion of files possible with file saving
Bug #8750 reported by Debian Bug Importer
This bug report is a duplicate of:
Bug #8716: Important Security Update for Firefox Available.
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
firefox (Debian) | Fix Released | Unknown | |
firefox (Ubuntu) | Invalid | High | Unassigned |
Bug Description
Automatically imported from Debian bug report #274629 http://
Changed in firefox:
status: Unknown → Fix Released
Message-Id: <email address hidden>
Date: Sun, 03 Oct 2004 10:02:54 +0200
From: Laszlo Boszormenyi <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: deletion of files possible with file saving
Package: mozilla-firefox
Version: 0.9.3-5
Severity: grave
Tags: security
If an attacker can convince the user to download a file, the attacker
can delete files from the directory where the user saves the downloaded file.
For further information please see:
http://www.mozilla.org/press/mozilla-2004-10-01-02.html
I kindly ask you to package the latest Firefox for two reasons:
- it seems your patching makes my Firefox unreliable, a lot of crashes
- other fixes may help; especially when we are talking about future
security holes+fixes, as it is unlikely that developers will support
0.9.3 when there were more 'stable' releases in between.
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.8.1
Locale: LANG=en_US, LC_CTYPE=hu_HU
Versions of packages mozilla-firefox depends on:
ii debianutils 2.8.4 Miscellaneous utilities specific t
ii fontconfig 2.2.3-1 generic font configuration library
ii libatk1.0-0 1.8.0-2 The ATK accessibility toolkit
ii libc6 2.3.2.ds1-16 GNU C Library: Shared libraries an
ii libfontconfig1 2.2.3-1 generic font configuration library
ii libfreetype6 2.1.7-2.2 FreeType 2 font engine, shared lib
ii libgcc1 1:3.4.1-4sarge1 GCC support library
ii libglib2.0-0 2.4.6-2 The GLib library of C routines
ii libgtk2.0-0 2.4.10-1 The GTK+ graphical user interface
ii libidl0 0.8.3-1 library for parsing CORBA IDL file
ii libjpeg62 6b-9 The Independent JPEG Group's JPEG
ii libpango1.0-0 1.6.0-1 Layout and rendering of internatio
ii libpng12-0 1.2.5.0-7 PNG library - runtime
ii libstdc++5 1:3.3.4-6sarge1.2 The GNU Standard C++ Library v3
ii libx11-6 4.3.0.dfsg.1-4 X Window System protocol client li
ii libxext6 4.3.0.dfsg.1-4 X Window System miscellaneous exte
ii libxft2 2.1.2-6 FreeType-based font drawing librar
ii libxp6 4.3.0.dfsg.1-4 X Window System printing extension
ii libxrender1 0.8.3-7 X Rendering Extension client libra
ii libxt6 4.3.0.dfsg.1-4 X Toolkit Intrinsics
ii psmisc 21.5-1 Utilities that use the proc filesy
ii xlibs 4.3.0.dfsg.1-4 X Window System client libraries m
ii zlib1g 1:1.2.1.1-7 compression library - runtime
-- no debconf information