On Thu, May 11, 2006 at 06:48:20 +0200, Martin Schulze wrote:
[...]
>
> Package        : mozilla-firefox
> Vulnerability  : programming error
> Problem type   : remote
> Debian-specific: no
> CVE ID         : CVE-2006-1993
> CERT advisory  : VU#866300
> BugTraq ID     : 17671
>
> Martijn Wargers and Nick Mott described crashes of Mozilla due to the
> use of a deleted controller context. In theory this could be abused to
> execute malicious code. Since Mozilla and Firefox share the same
> codebase, Firefox may be vulnerable as well.
>
> For the stable distribution (sarge) this problem has been fixed in
> version 1.7.8-1sarge7.
>
> For the unstable distribution (sid) this problem has been fixed in
> version 1.5.dfsg+1.5.0.3-1.
>
The version numbers given above seem to refer to the new mozilla packages instead of the new mozilla firefox packages; you may want to correct that.

