Message-ID: <email address hidden>
Date: Wed, 9 Feb 2005 19:05:15 +0100
From: Mike Hommey <email address hidden>
To: Joey Hess <email address hidden>, <email address hidden>
Subject: Re: Bug#294415: Two problems in Firefox

I guess these will be addressed in the upcoming 1.0.1.
Mike
On Wed, Feb 09, 2005 at 12:05:51PM -0500, Joey Hess <email address hidden> wrote:
> Package: mozilla-firefox
> Version: 1.0+dfsg.1-5
> Tags: security
> Severity: grave
>
> Martin Schulze wrote:
> > Please make sure these problems are fixed in the package in sarge.
> > When you need to upload a fixed package please add the CVE ids in
> > the proper changelog entry.
>
> Let's file a bug for tracking..
>
> > ======================================================
> > Candidate: CAN-2005-0231
> > URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0231
> > Final-Decision:
> > Interim-Decision:
> > Modified:
> > Proposed:
> > Assigned: 20050207
> > Category: SF
> > Reference: BUGTRAQ:20050207 Firetabbing [Firefox 1.0]
> > Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110781134617144&w=2
> > Reference: MISC:http://www.mikx.de/firetabbing/
> >
> > Firefox 1.0 does not invoke the Javascript Security Manager when a
> > user drags a javascript: URL to a tab, which could allow remote
> > attackers to bypass the security model.
> >
> >
> >
> > ======================================================
> > Candidate: CAN-2005-0232
> > URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0232
> > Final-Decision:
> > Interim-Decision:
> > Modified:
> > Proposed:
> > Assigned: 20050207
> > Category: SF
> > Reference: BUGTRAQ:20050207 Fireflashing [Firefox 1.0]
> > Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110781055630856&w=2
> > Reference: MISC:http://www.mikx.de/fireflashing/
> >
> > Firefox 1.0 allows remote attackers to modify Boolean configuration
> > parameters for the about:config site by using a plugin such as Flash,
> > and the -moz-opacity filter, to display the about:config site then
> > cause the user to double-click at a certain screen position.
> >
> > Regards,
> >
> > Joey
> >
> > --
> > Open source is important from a technical angle. -- Linus Torvalds
> >
>
> --
> see shy jo