Package: mozilla-firefox Version: 1.0+dfsg.1-5 Tags: security Severity: grave
Martin Schulze wrote: > Please make sure these problems are fixed in the package in sarge. > When you need to upload a fixed package please add the CVE ids in > the proper changelog entry. Let's file a bug for tracking.. > ====================================================== > Candidate: CAN-2005-0231 > URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0231 > Final-Decision: > Interim-Decision: > Modified: > Proposed: > Assigned: 20050207 > Category: SF > Reference: BUGTRAQ:20050207 Firetabbing [Firefox 1.0] > Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110781134617144&w=2 > Reference: MISC:http://www.mikx.de/firetabbing/ > > Firefox 1.0 does not invoke the Javascript Security Manager when a > user drags a javascript: URL to a tab, which could allos remote > attackers to bypass the security model. > > > > ====================================================== > Candidate: CAN-2005-0232 > URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0232 > Final-Decision: > Interim-Decision: > Modified: > Proposed: > Assigned: 20050207 > Category: SF > Reference: BUGTRAQ:20050207 Fireflashing [Firefox 1.0] > Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110781055630856&w=2 > Reference: MISC:http://www.mikx.de/fireflashing/ > > Firefox 1.0 allows remote attackers to modify Boolean configuration > parameters for the about:config site by using a plugin such as Flash, > and the -moz-opacity filter, to display the about:config site then > cause the user to double-click at a certain screen position. > > Regards, > > Joey > > -- > Open source is important from a technical angle. -- Linus Torvalds > -- see shy jo
signature.asc
Description: Digital signature
