Comment 2 for bug 20648

Debian Bug Importer (debzilla) wrote :

Message-Id: <E1EAPqQ-0007RL-Rw@hanson>
Date: Wed, 31 Aug 2005 12:29:26 +0200
From: Alexander Sack <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: Various security bugs unfixed in debian stable

Package: mozilla
Version: 2:1.7.8-1sarge1
Severity: critical
Tags: security

There are still unfixed security issues in the mozilla package in sarge,
namely:

    + CAN-2005-2270/MFSA 2005-56 Code execution through shared
      function objects
    + CAN-2005-2269/MFSA 2005-55 XHTML node spoofing
    + CAN-2005-2268/MFSA 2005-54 Javascript prompt origin spoofing
    + CAN-2005-2266/MFSA 2005-52 Same origin violation: frame
      calling top.focus()
    + CAN-2005-2265/MFSA 2005-50 Possibly exploitable crash in
      InstallVersion.compareTo()
    + CAN-2005-2263/MFSA 2005-48 Same-origin violation with InstallTrigger
      callback
    + CAN-2005-2261/MFSA 2005-46 XBL scripts ran even when Javascript
      disabled
    + CAN-2005-2260/MFSA 2005-45 Content-generated event vulnerabilities
    + CAN-2005-1937/MFSA 2005-51 The return of frame-injection spoofing
      (-> was already fixed with 2:1.7.8-1sarge1)