mailing list archives
CVE request: surf
From: Florian Weimer <fw () deneb enyo de>
Date: Fri, 10 Feb 2012 01:24:00 +0100
surf does not protect its cookie jar against access read access from
other local users, as reported by Jakub Wilk in this Debian bug:
Could someone please assign a CVE for this?
uzbl <http://uzbl.org/> (in the uzbl-browser wrapper script) and
netsurf <http://www.netsurf-browser.org/> (the nsgtk_check_homedir
function creates the dot directory with world-readable settings) have
a similar issue, but are from different code bases. I think those
should get distinct CVEs, too.
- CVE request: surf Florian Weimer (Feb 10)