thr3ads.net - Secure testing commits - [Secure-testing-commits] r11417

If this information is useful, please help other people find it:
Share via:

gilbert-guest at alioth.debian.org

2009-Mar-17 02:11 UTC

[Secure-testing-commits] r11417 - data/CVE

Author: gilbert-guest
Date: 2009-03-17 02:11:22 +0000 (Tue, 17 Mar 2009)
New Revision: 11417

Modified:
   data/CVE/list
Log:
tested webkit-based browsers against CVE-2008-4723; both kazehakase and midori
discriminate based on file extension (e.g. they did not run the malicious html
when the file name did not end with a valid html extension: jpg, txt, etc).


Modified: data/CVE/list
==================================================================---
data/CVE/list	2009-03-17 01:16:05 UTC (rev 11416)
+++ data/CVE/list	2009-03-17 02:11:22 UTC (rev 11417)
@@ -6084,7 +6084,7 @@
 	NOT-FOR-US: Opera
 CVE-2008-4724 (Multiple cross-site scripting (XSS) vulnerabilities in Google
Chrome ...)
 	{CVE-2008-4723}
-	TODO: check if Webkit is affected
+        NOTE: not reproducible using libwebkit-1.0-1 1.0.1-4 (midori 0.1.4and
kazehakase 0.5.4-2.2)
 	NOTE: not reproducible using iceweasel 3.0.1
 CVE-2008-4723 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla
Firefox ...)
 	{CVE-2008-4724}

Secure testing commits - Mar 2009 - r11417 - data/CVE

[Secure-testing-commits] r11417 - data/CVE