Your message dated Sat, 6 Jun 2009 22:25:09 +0200
with message-id <[email protected]>
and subject line Re: iceweasel: CVE-2009-0253 status bar url obfuscation
has caused the Debian Bug report #513004,
regarding iceweasel: CVE-2009-0253 status bar url obfuscation
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
513004: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513004
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: iceweasel
Version: 3.0.5-1
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for iceweasel.
CVE-2009-0253[0]:
| Mozilla Firefox 3.0.5 allows remote attackers to trick a user into
| visiting an arbitrary URL via an onclick action that moves a crafted
| element to the current mouse position, related to a "Status Bar
| Obfuscation" and "Clickjacking" attack.
I have no 2.x version available to test this so it might be
that this works in 2.x as well.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0253
http://security-tracker.debian.net/tracker/CVE-2009-0253
--
Nico Golde - http://www.ngolde.de - [email protected] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
pgpnOXDtVW7m9.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
On Sun, Jan 25, 2009 at 05:34:32PM +0100, Nico Golde wrote:
> Package: iceweasel
> Version: 3.0.5-1
> Severity: grave
> Tags: security
>
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for iceweasel.
>
> CVE-2009-0253[0]:
> | Mozilla Firefox 3.0.5 allows remote attackers to trick a user into
> | visiting an arbitrary URL via an onclick action that moves a crafted
> | element to the current mouse position, related to a "Status Bar
> | Obfuscation" and "Clickjacking" attack.
>
> I have no 2.x version available to test this so it might be
> that this works in 2.x as well.
>
> If you fix the vulnerability please also make sure to include the
> CVE id in your changelog entry.
>
> For further information see:
>
> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0253
> http://security-tracker.debian.net/tracker/CVE-2009-0253
Disputed by upstream, see upstream #474967
Cheers,
Moritz
--- End Message ---
