See http://secunia.com/advisories/9680/ for details.
Isn't this identical to bug 213012? (The source, Martin O'Neal, is the same for both advisories.) If so, that advisory's information is incorrect. The bug was fixed in 1.4.1 and 1.5, so 1.5 and 1.6 are not vulnerable.
The source advisory for this bug (http://www.corsaire.co.uk/advisories/c030712-001.txt) was released 20030712. The bugs are identical. "The advisory will be updated with further information when details about fixed versions are acquired." We need to notify Secunia that their information is wrong, and ask them to add 1.4.1+, 1.5+ to their list of browsers in which the problem was fixed.
Can someone find contact details for them? I looked on the advisory and wasn't able to figure out where to mail to lay the smack down about 1.5 and 1.6 not being vulnerable. I'd like to get that notice fixed ASAP if that's really the case.
There's some contact info here: http://secunia.com/contact_secunia/?menu=info
Changelog: 2004-03-10: Added information about KDE/Konqueror fixes. 2004-03-11: Added information about Mozilla fixes.
Status: NEW → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → FIXED
Since bug 213012 covers the vulnerability itself I've taken the liberty of changing the summary since this bug seems to be about getting Secunia to update their advisory.
Summary: Cookie Path Directory Traversal Vulnerability → Secunia wrongly claims 1.5 & 1.6 vulnerable to bug 213012 (Cookie Path Directory Traversal Vulnerability)