Hosting Provided By

Bug#453783: apache2: CVE-2007-4465

From: Stefan Fritsch <sf(at)sfritsch.de>
Date: Tue Dec 04 2007 - 16:43:26 EST

Dear Paul,

thanks for the information.

On Saturday 01 December 2007, you wrote:
> > If you can exploit that with Firefox, Firefox should be fixed.
> > Can you give more details? I would be very interested.
>
> Will do, offline (because it affects the main web login site of my
> Uni). Essentially, I found that Firefox will inherit the charset of
> the parent page, when that had been selected manually (does not
> inherit the charset specified in headers or meta). I guess this is
> a "new" bug in Firefox, maybe they should be told...

This would require some social engineering but could probably be exploited in some cases. I think reporting it to the Firefox bugzilla would be a good idea.

> > If it affects only one buggy browser, it's low impact. ...
>
> If that buggy browser is IE, used by 90% of the (deluded)
> population, then is it not low impact.

I have commited the patch to our SVN repository for etch. It will probably be released with etch r3 (or maybe r2, if that is delayed further). I still do not think it is important enough for a security advisory.

Cheers,
Stefan

-- 
To UNSUBSCRIBE, email to debian-apache-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Received on Tue Dec 4 17:11:29 2007

This message: [ Message body ]
Next message: Debian Bug Tracking System: "Processed: severity of 453783 is important, user debian-release@lists.debian.org, usertagging 453783 ..."
Previous message: mpadxmvzl: "³É.Îª.ÓÅ.Ðã.²¿.ÃÅ.Ö÷.¹Ü.¾.Àí.×¨.Ìâ uxftk"
In reply to: Paul Szabo: "Bug#453783: apache2: CVE-2007-4465"
Next in thread: Debian Bug Tracking System: "Bug#453783: marked as done (apache2: CVE-2007-4465)"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Mar 19 2008 - 02:59:08 EDT

Do you need help?