[Secure-testing-commits] r11417 - data/CVE
gilbert-guest at alioth.debian.org
gilbert-guest at alioth.debian.org
Tue Mar 17 02:11:23 UTC 2009
Author: gilbert-guest
Date: 2009-03-17 02:11:22 +0000 (Tue, 17 Mar 2009)
New Revision: 11417
Modified:
data/CVE/list
Log:
tested webkit-based browsers against CVE-2008-4723; both kazehakase and midori discriminate based on file extension (e.g. they did not run the malicious html when the file name did not end with a valid html extension: jpg, txt, etc).
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-03-17 01:16:05 UTC (rev 11416)
+++ data/CVE/list 2009-03-17 02:11:22 UTC (rev 11417)
@@ -6084,7 +6084,7 @@
NOT-FOR-US: Opera
CVE-2008-4724 (Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome ...)
{CVE-2008-4723}
- TODO: check if Webkit is affected
+ NOTE: not reproducible using libwebkit-1.0-1 1.0.1-4 (midori 0.1.4and kazehakase 0.5.4-2.2)
NOTE: not reproducible using iceweasel 3.0.1
CVE-2008-4723 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox ...)
{CVE-2008-4724}
More information about the Secure-testing-commits
mailing list