Launchpad CVE tracker

CVE 2005-2704

Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spoof DOM objects via an XBL control that implements an internal XPCOM interface.

Related bugs and status

CVE-2005-2704 (Candidate) is related to these bugs:

Bug #21268: epiphany-browser: Susceptible to mozilla-firefox "Host:" buffer overflow?

Summary				In	Importance	Status
	21268	epiphany-browser: Susceptible to mozilla-firefox "Host:" buffer overflow?		epiphany-browser (Ubuntu)	High	Invalid
	21268	epiphany-browser: Susceptible to mozilla-firefox "Host:" buffer overflow?		epiphany-browser (Debian)	Unknown	Fix Released

Bug #21308: security issue revealed: CAN-2005-2871

Summary				In	Importance	Status
	21308	security issue revealed: CAN-2005-2871		mozilla (Ubuntu)	High	Fix Released
	21308	security issue revealed: CAN-2005-2871		mozilla (Debian)	Unknown	Fix Released

Bug #22260: shell command execution

Summary				In	Importance	Status
	22260	shell command execution		mozilla-thunderbird (Ubuntu)	High	Fix Released
	22260	shell command execution		mozilla-thunderbird (Debian)	Unknown	Fix Released

Bug #22261: mozilla-thunderbird --compose executes shell commands

Summary				In	Importance	Status
	22261	mozilla-thunderbird --compose executes shell commands		mozilla-thunderbird (Ubuntu)	High	Invalid
	22261	mozilla-thunderbird --compose executes shell commands		mozilla-thunderbird (Debian)	Unknown	Fix Released

Bug #22324: mozilla: Multiple security issues fixed in 1.7.12

Summary				In	Importance	Status
	22324	mozilla: Multiple security issues fixed in 1.7.12		mozilla (Ubuntu)	High	Fix Released
	22324	mozilla: Multiple security issues fixed in 1.7.12		mozilla (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2005-2704

References