Bug#293663: /usr/bin/mozilla-1.7.5: [CAN-2004-1156] secunia window injection vulnerability

[Djoume SALVETTI]

Package: mozilla-browser
Version: 2:1.7.5-1
Severity: normal
File: /usr/bin/mozilla-1.7.5


Good day,

Mozilla browser is vulnerable to window injection vulnerability
describe in CAN-2004-1156 :

http://secunia.com/secunia_research/2004-13/advisory/
http://secunia.com/multiple_browsers_window_injection_vulnerability_test/

The problem was fixed upstream : 

https://bugzilla.mozilla.org/show_bug.cgi?id=273699

(the patch is in https://bugzilla.mozilla.org/show_bug.cgi?id=103638)

Regards.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: powerpc (ppc)
Kernel: Linux 2.6.9-rfb-swsusp
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages mozilla-browser depends on:
ii  debconf                  1.4.42          Debian configuration management sy
ii  libatk1.0-0              1.8.0-4         The ATK accessibility toolkit
ii  libc6                    2.3.2.ds1-20    GNU C Library: Shared libraries an
ii  libfontconfig1           2.2.3-4         generic font configuration library
ii  libfreetype6             2.1.7-2.3       FreeType 2 font engine, shared lib
ii  libgcc1                  1:3.4.3-7       GCC support library
ii  libglib2.0-0             2.6.1-3         The GLib library of C routines
ii  libgtk2.0-0              2.6.1-2         The GTK+ graphical user interface 
ii  libnspr4                 2:1.7.5-1       Netscape Portable Runtime Library
ii  libpango1.0-0            1.8.0-3         Layout and rendering of internatio
ii  libstdc++5               1:3.3.5-8       The GNU Standard C++ Library v3
ii  libx11-6                 4.3.0.dfsg.1-10 X Window System protocol client li
ii  libxext6                 4.3.0.dfsg.1-10 X Window System miscellaneous exte
ii  libxft2                  2.1.2-6         FreeType-based font drawing librar
ii  libxp6                   4.3.0.dfsg.1-10 X Window System printing extension
ii  libxrender1              0.8.3-7         X Rendering Extension client libra
ii  libxt6                   4.3.0.dfsg.1-10 X Toolkit Intrinsics
ii  psmisc                   21.5-1          Utilities that use the proc filesy
ii  xlibs                    4.3.0.dfsg.1-10 X Keyboard Extension (XKB) configu
ii  zlib1g                   1:1.2.2-4       compression library - runtime

-- debconf information:
* mozilla/dsp: auto
  mozilla/locale_auto: true
  mozilla/xprint:
* mozilla/prefs_note:


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]