[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] iDEFENSE Security Advisory 08.02.04: Netscape/Mozilla SOAPParameter Constructor Integer Overflow Vulnerability

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] iDEFENSE Security Advisory 08.02.04: Netscape/Mozilla SOAPParameter Constructor Integer Overflow Vulnerability
From: Daniel Veditz <dveditz@xxxxxxxxxx>
Date: Mon, 02 Aug 2004 14:25:39 -0700

> VIII. DISCLOSURE TIMELINE
>
> 01/17/2004   Exploit acquired by iDEFENSE.
> 03/05/2004   Bug sent to Netscape Security Bug form at
>              http://cgi.netscape.com/cgi-bin/bug-security.cgi
> 03/05/2004   Bug entered into bugzilla.mozilla.org
>              http://bugzilla.mozilla.org/show_bug.cgi?id=236618
> 03/05/2004   iDEFENSE clients notified
> 07/09/2004   Patch submitted into Mozilla source tree.
>              http://bugzilla.mozilla.org/show_bug.cgi?id=236618#c22
> 08/02/2004   Public disclosure

The fix was checked in March 8, 2004
http://bugzilla.mozilla.org/show_bug.cgi?id=236618#c12

The July check-in was a back-port to the 1.4 branch

-Dan Veditz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] iDEFENSE Security Advisory 08.02.04: Netscape/Mozilla SOAPParameter Constructor Integer Overflow Vulnerability
  - From: idlabs-advisories

Prev by Date: Re: [Full-Disclosure] iDEFENSE Security Advisory 08.02.04: Netscape/Mozilla SOAPParameter Constructor Integer Overflow Vulnerability
Next by Date: [Full-Disclosure] Security Web Site Hosting
Previous by thread: Re: [Full-Disclosure] iDEFENSE Security Advisory 08.02.04: Netscape/Mozilla SOAPParameter Constructor Integer Overflow Vulnerability
Next by thread: Re: [Full-Disclosure] WEP Crack utility for Windows XP
Index(es):
- Date
- Thread