Your message dated Fri, 8 Jan 2010 01:56:07 +0100
with message-id <[email protected]>
and subject line properly closing
has caused the Debian Bug report #539891,
regarding CVE-2009-2654: allows remote attackers to spoof the address bar
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
539891: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539891
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: xulrunner
Severity: important
Tags: security patch
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for xulrunner.
CVE-2009-2654[0]:
| Mozilla Firefox 3.5.1 and earlier allows remote attackers to spoof the
| address bar, and possibly conduct phishing attacks, via a crafted web
| page that calls window.open with an invalid character in the URL,
| makes document.write calls to the resulting object, and then calls the
| stop method during the loading of the error page.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2654
http://security-tracker.debian.net/tracker/CVE-2009-2654
Patch: https://bug451898.bugzilla.mozilla.org/attachment.cgi?id=391176
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkp4AMUACgkQNxpp46476aoiAwCeKqWgto7rHejQ1l7FYCfz/6n6
IFYAmwe/xWeHzR1rozUIbi+cY4nuNhSA
=xX+m
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Version: 1.9.0.13-1
--- End Message ---
