© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
Message-ID: <email address hidden>
Date: Wed, 9 Feb 2005 19:05:15 +0100
From: Mike Hommey <email address hidden>
To: Joey Hess <email address hidden>, <email address hidden>
Subject: Re: Bug#294415: Two problems in Firefox
I guess these will be adressed in the upcoming 1.0.1.
Mike
On Wed, Feb 09, 2005 at 12:05:51PM -0500, Joey Hess <email address hidden> wrote:
> Package: mozilla-firefox
> Version: 1.0+dfsg.1-5
> Tags: security
> Severity: grave
>
> Martin Schulze wrote:
> > Please make sure these problems are fixed in the package in sarge.
> > When you need to upload a fixed package please add the CVE ids in
> > the proper changelog entry.
>
> Let's file a bug for tracking..
>
> > =======
> > Candidate: CAN-2005-0231
> > URL: http://
> > Final-Decision:
> > Interim-Decision:
> > Modified:
> > Proposed:
> > Assigned: 20050207
> > Category: SF
> > Reference: BUGTRAQ:20050207 Firetabbing [Firefox 1.0]
> > Reference: URL:http://
> > Reference: MISC:http://
> >
> > Firefox 1.0 does not invoke the Javascript Security Manager when a
> > user drags a javascript: URL to a tab, which could allos remote
> > attackers to bypass the security model.
> >
> >
> >
> > =======
> > Candidate: CAN-2005-0232
> > URL: http://
> > Final-Decision:
> > Interim-Decision:
> > Modified:
> > Proposed:
> > Assigned: 20050207
> > Category: SF
> > Reference: BUGTRAQ:20050207 Fireflashing [Firefox 1.0]
> > Reference: URL:http://
> > Reference: MISC:http://
> >
> > Firefox 1.0 allows remote attackers to modify Boolean configuration
> > parameters for the about:config site by using a plugin such as Flash,
> > and the -moz-opacity filter, to display the about:config site then
> > cause the user to double-click at a certain screen position.
> >
> > Regards,
> >
> > Joey
> >
> > --
> > Open source is important from a technical angle. -- Linus Torvalds
> >
>
> --
> see shy jo