Martin Schulze wrote:
> Please make sure these problems are fixed in the package in sarge.
> When you need to upload a fixed package please add the CVE ids in
> the proper changelog entry.
Let's file a bug for tracking..
> ======================================================
> Candidate: CAN-2005-0231
> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0231
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed:
> Assigned: 20050207
> Category: SF
> Reference: BUGTRAQ:20050207 Firetabbing [Firefox 1.0]
> Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110781134617144&w=2
> Reference: MISC:http://www.mikx.de/firetabbing/
>
> Firefox 1.0 does not invoke the Javascript Security Manager when a
> user drags a javascript: URL to a tab, which could allow remote
> attackers to bypass the security model.
>
>
>
> ======================================================
> Candidate: CAN-2005-0232
> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0232
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed:
> Assigned: 20050207
> Category: SF
> Reference: BUGTRAQ:20050207 Fireflashing [Firefox 1.0]
> Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110781055630856&w=2
> Reference: MISC:http://www.mikx.de/fireflashing/
>
> Firefox 1.0 allows remote attackers to modify Boolean configuration
> parameters for the about:config site by using a plugin such as Flash,
> and the -moz-opacity filter, to display the about:config site then
> cause the user to double-click at a certain screen position.
>
> Regards,
>
> Joey
>
> --
> Open source is important from a technical angle. -- Linus Torvalds
>
Package: mozilla-firefox
Version: 1.0+dfsg.1-5
Tags: security
Severity: grave
--
see shy jo