[Full-Disclosure] iDEFENSE Security Advisory 08.02.04: Netscape/Mozilla SOAPParameter Constructor Integer Overflow Vulnerability
Daniel Veditz
dveditz at cruzio.com
Mon Aug 2 22:25:39 BST 2004
> VIII. DISCLOSURE TIMELINE
>
> 01/17/2004 Exploit acquired by iDEFENSE.
> 03/05/2004 Bug sent to Netscape Security Bug form at
> http://cgi.netscape.com/cgi-bin/bug-security.cgi
> 03/05/2004 Bug entered into bugzilla.mozilla.org
> http://bugzilla.mozilla.org/show_bug.cgi?id=236618
> 03/05/2004 iDEFENSE clients notified
> 07/09/2004 Patch submitted into Mozilla source tree.
> http://bugzilla.mozilla.org/show_bug.cgi?id=236618#c22
> 08/02/2004 Public disclosure
The fix was checked in March 8, 2004
http://bugzilla.mozilla.org/show_bug.cgi?id=236618#c12
The July check-in was a back-port to the 1.4 branch
-Dan Veditz
Full-Disclosure is hosted and sponsored by Secunia.