Home page logo
/

oss-sec logo oss-sec mailing list archives

CVE request: surf
From: Florian Weimer <fw () deneb enyo de>
Date: Fri, 10 Feb 2012 01:24:00 +0100

surf does not protect its cookie jar against access read access from
other local users, as reported by Jakub Wilk in this Debian bug:

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659296>

Could someone please assign a CVE for this?

uzbl <http://uzbl.org/> (in the uzbl-browser wrapper script) and
netsurf <http://www.netsurf-browser.org/> (the nsgtk_check_homedir
function creates the dot directory with world-readable settings) have
a similar issue, but are from different code bases.  I think those
should get distinct CVEs, too.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]