Mozilla Firefox

firefox 1.0.7 vulnerability not fixed

Bug #32083 reported by towsonu2003 on 2006-02-20

This bug report is a duplicate of: Bug #30976: CVE-2005-4134 overlong document.title setting can corrupt history data, causing non-responsive temporary hang (crash?) on subsequent startups. Edit Remove

Affects		Status	Importance	Assigned to	Milestone
	Mozilla Firefox	New	Undecided	Unassigned
	Ubuntu	Invalid	High	Unassigned

firefox in ubuntu breezy is still 1.0.7, which has known vulnerabilities. the ones I found in 2-3 minutes are:
http://www.whitedust.net/speaks/1432/ where there is a link to the proof of concept
and
http://security-protocols.com/modules.php?name=News&file=article&sid=2978
these may be the same.
More info here http://www.ubuntuforums.org/showthread.php?t=126941
And here as well http://ubuntuforums.org/showthread.php?t=126622
(last one is more for dapper though).

Revision history for this message

towsonu2003 (towsonu2003) wrote on 2006-02-28:

For ubuntu breezy

Revision history for this message

towsonu2003 (towsonu2003) wrote on 2006-03-12:

more detail:
Following are the bugs affecting 1.0 & 1.5 and fixed after October 10th (last firefox update in repos) with 1.5.0.1 release:
http://www.mozilla.org/security/anno...sa2006-05.html (critical)
http://www.mozilla.org/security/anno...sa2006-03.html
http://www.mozilla.org/security/anno...sa2006-01.html (moderate)

My understanding is that a default fully updated breezy instalation is vulnerable to these.

Revision history for this message

towsonu2003 (towsonu2003) wrote on 2006-05-02:

duplicate

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Bug watches keep track of this bug in other bug trackers.