Message-Id: <E1EAPqQ-0007RL-Rw@hanson> Date: Wed, 31 Aug 2005 12:29:26 +0200 From: Alexander Sack <email address hidden> To: Debian Bug Tracking System <email address hidden> Subject: Various security bugs unfixed in debian stable
Package: mozilla Version: 2:1.7.8-1sarge1 Severity: critical Tags: security
There are still unfixed security issues in the mozilla package in sarge, namely:
+ CAN-2005-2270/MFSA 2005-56 Code execution through shared function objects + CAN-2005-2269/MFSA 2005-55 XHTML node spoofing + CAN-2005-2268/MFSA 2005-54 Javascript prompt origin spoofing + CAN-2005-2266/MFSA 2005-52 Same origin violation: frame calling top.focus() + CAN-2005-2265/MFSA 2005-50 Possibly exploitable crash in InstallVersion.compareTo() + CAN-2005-2263/MFSA 2005-48 Same-origin violation with InstallTrigger callback + CAN-2005-2261/MFSA 2005-46 XBL scripts ran even when Javascript disabled + CAN-2005-2260/MFSA 2005-45 Content-generated event vulnerabilities + CAN-2005-1937/MFSA 2005-51 The return of frame-injection spoofing (-> was already fixed with 2:1.7.8-1sarge1)
Message-Id: <E1EAPqQ- 0007RL- Rw@hanson>
Date: Wed, 31 Aug 2005 12:29:26 +0200
From: Alexander Sack <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: Various security bugs unfixed in debian stable
Package: mozilla
Version: 2:1.7.8-1sarge1
Severity: critical
Tags: security
There are still unfixed security issues in the mozilla package in sarge,
namely:
+ CAN-2005-2270/MFSA 2005-56 Code execution through shared rsion.compareTo ()
function objects
+ CAN-2005-2269/MFSA 2005-55 XHTML node spoofing
+ CAN-2005-2268/MFSA 2005-54 Javascript prompt origin spoofing
+ CAN-2005-2266/MFSA 2005-52 Same origin violation: frame
calling top.focus()
+ CAN-2005-2265/MFSA 2005-50 Possibly exploitable crash in
InstallVe
+ CAN-2005-2263/MFSA 2005-48 Same-origin violation with InstallTrigger
callback
+ CAN-2005-2261/MFSA 2005-46 XBL scripts ran even when Javascript
disabled
+ CAN-2005-2260/MFSA 2005-45 Content-generated event vulnerabilities
+ CAN-2005-1937/MFSA 2005-51 The return of frame-injection spoofing
(-> was already fixed with 2:1.7.8-1sarge1)