Comment 2 for bug 12706

Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Wed, 9 Feb 2005 12:05:51 -0500
From: Joey Hess <email address hidden>
To: <email address hidden>
Subject: Re: Two problems in Firefox

Package: mozilla-firefox
Version: 1.0+dfsg.1-5
Tags: security
Severity: grave

Martin Schulze wrote:
> Please make sure these problems are fixed in the package in sarge.
> When you need to upload a fixed package please add the CVE ids in
> the proper changelog entry.

Let's file a bug for tracking..

> ======================================================
> Candidate: CAN-2005-0231
> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0231
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed:
> Assigned: 20050207
> Category: SF
> Reference: BUGTRAQ:20050207 Firetabbing [Firefox 1.0]
> Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110781134617144&w=2
> Reference: MISC:http://www.mikx.de/firetabbing/
>
> Firefox 1.0 does not invoke the Javascript Security Manager when a
> user drags a javascript: URL to a tab, which could allow remote
> attackers to bypass the security model.
>
>
>
> ======================================================
> Candidate: CAN-2005-0232
> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0232
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed:
> Assigned: 20050207
> Category: SF
> Reference: BUGTRAQ:20050207 Fireflashing [Firefox 1.0]
> Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110781055630856&w=2
> Reference: MISC:http://www.mikx.de/fireflashing/
>
> Firefox 1.0 allows remote attackers to modify Boolean configuration
> parameters for the about:config site by using a plugin such as Flash,
> and the -moz-opacity filter, to display the about:config site then
> cause the user to double-click at a certain screen position.
>
> Regards,
>
> Joey
>
> -- 
> Open source is important from a technical angle. -- Linus Torvalds
>

-- 
see shy jo
