[lug] mozilla 1.2.1

[jdavis]

On Sat, 2002-12-14 at 06:26, rm at fabula.de wrote:
> On Thu, Dec 12, 2002 at 10:28:03PM -0700, jdavis wrote:
> >
> > thanks for the help. i got tired of jacking with the profiles
> > and just removed all instances of mozilla and its files and re-installed
> > from my rh7.3 disk and updated. When I click the "about" button in
> > mozilla it reports 1.0.1...Im hoping this is like on my old
> > 7.3 server how my updated Apache version still claimed 1.26 or what ever
> > it was that was vuln to chunked attack..but it wasnt vuln. 
> 
> Hi JD,
> 
> having froliced arround in the apache source for a while myself
> i just wonder: are you _really_ shure you are running apache 1.27?
> The version string is compiled into the server core and if you 
> telnet to your server and it reports 1.26 you can be pretty shure
> you're running the old version. 

When using a Apache Chunked scanner, it reported my updated 
rh7.3 box as being vuln based on the banner. Maybe it is *was*
1.26 but I could not crash a process.Maybe the redhat updates
were just patches.Eitherway, I know the updated apache reported 
1.26 and was not vuln to chunked attack.

jd
> 
>   Ralfd
> 
> > Mozilla
> > 1.0.1 appears to have some cookie security issues as well as other
> > things. Am I being protected by only using up2date to take care
> > of all my security patches?
> > 
> > thanks again,
> > jd
> > jd at taproot.bz
> > http://www.taproot.bz
> > 
> > 
> > 
> > _______________________________________________
> > Web Page:  http://lug.boulder.co.us
> > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> > Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug