Martin Schulze wrote:
> Please make sure these problems are fixed in the package in sarge.
> When you need to upload a fixed package please add the CVE ids in
> the proper changelog entry.
Let's file a bug for tracking..
> ======================================================
> Candidate: CAN-2005-0231
> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0231
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed:
> Assigned: 20050207
> Category: SF
> Reference: BUGTRAQ:20050207 Firetabbing [Firefox 1.0]
> Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110781134617144&w=2
> Reference: MISC:http://www.mikx.de/firetabbing/
>
> Firefox 1.0 does not invoke the Javascript Security Manager when a
> user drags a javascript: URL to a tab, which could allow remote
> attackers to bypass the security model.
>
>
>
> ======================================================
> Candidate: CAN-2005-0232
> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0232
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed:
> Assigned: 20050207
> Category: SF
> Reference: BUGTRAQ:20050207 Fireflashing [Firefox 1.0]
> Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110781055630856&w=2
> Reference: MISC:http://www.mikx.de/fireflashing/
>
> Firefox 1.0 allows remote attackers to modify Boolean configuration
> parameters for the about:config site by using a plugin such as Flash,
> and the -moz-opacity filter, to display the about:config site then
> cause the user to double-click at a certain screen position.
>
> Regards,
>
> Joey
>
> -- 
> Open source is important from a technical angle. -- Linus Torvalds
>
-- 
see shy jo
Message-ID: <email address hidden>
Date: Wed, 9 Feb 2005 12:05:51 -0500
From: Joey Hess <email address hidden>
To: <email address hidden>
Subject: Re: Two problems in Firefox
Package: mozilla-firefox
Version: 1.0+dfsg.1-5
Tags: security
Severity: grave