Author: fw
Date: 2006-04-14 12:16:48 +0000 (Fri, 14 Apr 2006)
New Revision: 3804

Modified:
   data/CVE/list
Log:
CVE-2006-1731, CVE-2006-1730, CVE-2006-1729, CVE-2006-1728,
CVE-2006-1727, CVE-2006-1726, CVE-2006-1725, CVE-2006-1724,
CVE-2006-1723, CVE-2006-1531, CVE-2006-1530, CVE-2006-1529:
new Mozilla bugs

(More to come, this commit intends to prevent duplicate work.)


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2006-04-14 10:01:15 UTC (rev 3803)
+++ data/CVE/list       2006-04-14 12:16:48 UTC (rev 3804)
@@ -114,23 +114,61 @@
 CVE-2006-1732 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 
1.x ...)
        TODO: check
 CVE-2006-1731 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 
1.0.8, ...)
-       TODO: check
+       - firefox <unfixed> (medium)
+       - mozilla-firefox <unfixed> (medium)
+       - mozilla-browser <unfixed> (medium)
+       - thunderbird <unfixed> (low)
+       - mozilla-thunderbird <unfixed> (low)
 CVE-2006-1730 (Integer overflow in Mozilla Firefox and Thunderbird 1.x before 
1.5.0.2 ...)
-       TODO: check
+       - firefox <unfixed> (high)
+       - mozilla-firefox <unfixed> (high)
+       - mozilla-browser <unfixed> (high)
+       - thunderbird <unfixed> (medium)
+       - mozilla-thunderbird <unfixed> (medium)
+       NOTE: MFSA2006-22 says that it is not clear whether Thunderbird is
+       NOTE: exploitable in the default configuration.
 CVE-2006-1729 (Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, 
Mozilla ...)
-       TODO: check
+       - firefox <unfixed> (medium)
+       - mozilla-firefox <unfixed> (medium)
+       - mozilla-browser <unfixed> (medium)
+       NOTE: Can likely be used to steal OpenSSH keys and the like.
 CVE-2006-1728 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 
1.x ...)
-       TODO: check
+       - firefox <unfixed> (high)
+       - mozilla-firefox <unfixed> (high)
+       - mozilla-browser <unfixed> (high)
+       - thunderbird <unfixed> (medium)
+       - mozilla-thunderbird <unfixed> (medium)
 CVE-2006-1727 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 
1.x ...)
-       TODO: check
+       - firefox <unfixed> (medium)
+       - mozilla-firefox <unfixed> (medium)
+       - mozilla-browser <unfixed> (medium)
+       - thunderbird <unfixed> (medium)
+       - mozilla-thunderbird <unfixed> (medium)
+       NOTE: If print preview (and this bug) can be triggered from JavaScript,
+       NOTE: the urgency should probably be raised.
 CVE-2006-1726 (Unspecified vulnerability in Firefox and Thunderbird 1.5 before 
...)
-       TODO: check
+       - firefox <unfixed> (high)
+       - thunderbird <unfixed> (medium)
+       NOTE: New bug in Firefox 1.5.
 CVE-2006-1725 (Mozilla Firefox 1.5 before 1.5.0.2 and SeaMonkey before 1.0.1 
causes ...)
-       TODO: check
+       - firefox <unfixed> (low)
+       NOTE: New bug in Firefox 1.5.
 CVE-2006-1724 (Unspecified vulnerability in Firefox and Thunderbird before 
1.5.0.2, ...)
-       TODO: check
+       - firefox <unfixed> (medium)
+       - mozilla-firefox <unfixed> (medium)
+       - mozilla-browser <unfixed> (medium)
+       - thunderbird <unfixed> (low)
+       - mozilla-thunderbird <unfixed> (low)
+       NOTE: MFSA2006-20 says exploitability has not been confirmed.
+       NOTE: Thunderbird is potentially affected as well, but not in the
+       NOTE: default configuration.
 CVE-2006-1723 (Unspecified vulnerability in Firefox and Thunderbird before 
1.5.0.2, ...)
-       TODO: check
+       - firefox <unfixed> (medium)
+       - mozilla-firefox <unfixed> (medium)
+       - mozilla-browser <unfixed> (medium)
+       - thunderbird <unfixed> (low)
+       - mozilla-thunderbird <unfixed> (low)
+       NOTE: This is probably: 
https://bugzilla.mozilla.org/show_bug.cgi?id=320459
 CVE-2006-1722 (Cross-site scripting (XSS) vulnerability in suche.htm in ShopXS 
4.0 ...)
        TODO: check
 CVE-2006-1721 (Unspecified vulnerability in the CMU Cyrus Simple 
Authentication and ...)
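Review bot: The CVE-2006-1726 and CVE-2006-1725 entries carry "NOTE: New bug in Firefox 1.5." but have no line for mozilla-firefox or mozilla-thunderbird, so a reader cannot tell whether those packages were assessed and found unaffected or simply not looked at. The CVE-2006-1531 entry in this same commit records that case explicitly with "- mozilla-firefox <not-affected> (pre-1.5 version not vulnerable)"; using the same form here would keep the two groups consistent. The CVE-2006-1723 note ("This is probably: ...") is a guess at the upstream bug and is worth confirming before the entry is treated as triaged.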
@@ -615,11 +653,29 @@
 CVE-2006-1532 (Cross-site scripting (XSS) vulnerability in search.php in PHP 
...)
        NOT-FOR-US: PHP Classifieds
 CVE-2006-1531 (Unspecified vulnerability in Firefox and Thunderbird before 
1.5.0.2, ...)
-       TODO: check
+       - firefox <unfixed> (medium)
+       - mozilla-firefox <not-affected> (pre-1.5 version not vulnerable)
+       - thunderbird <unfixed> (low)
+       - mozilla-thunderbird <not-affected> (pre-1.5 version not vulnerable)
+       NOTE: MFSA2006-20 says exploitability has not been confirmed.
+       NOTE: Thunderbird is potentially affected as well, but not in the
+       NOTE: default configuration.
 CVE-2006-1530 (Unspecified vulnerability in Firefox and Thunderbird before 
1.5.0.2, ...)
-       TODO: check
+       - firefox <unfixed> (medium)
+       - mozilla-firefox <not-affected> (pre-1.5 version not vulnerable)
+       - thunderbird <unfixed> (low)
+       - mozilla-thunderbird <not-affected> (pre-1.5 version not vulnerable)
+       NOTE: MFSA2006-20 says exploitability has not been confirmed.
+       NOTE: Thunderbird is potentially affected as well, but not in the
+       NOTE: default configuration.
 CVE-2006-1529 (Unspecified vulnerability in Firefox and Thunderbird before 
1.5.0.2, ...)
-       TODO: check
+       - firefox <unfixed> (medium)
+       - mozilla-firefox <not-affected> (pre-1.5 version not vulnerable)
+       - thunderbird <unfixed> (low)
+       - mozilla-thunderbird <not-affected> (pre-1.5 version not vulnerable)
+       NOTE: MFSA2006-20 says exploitability has not been confirmed.
+       NOTE: Thunderbird is potentially affected as well, but not in the
+       NOTE: default configuration.
 CVE-2006-1528
        RESERVED
 CVE-2006-1527
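Review bot: The CVE-2006-1531, CVE-2006-1530 and CVE-2006-1529 entries leave out mozilla-browser, although the CVE-2006-1724 and CVE-2006-1723 entries in the first hunk track it alongside mozilla-firefox. If mozilla-browser falls under the same "pre-1.5 version not vulnerable" reasoning, say so with an explicit <not-affected> line; as written it reads as unassessed. The not-affected claim also has no source beside it: the NOTE lines cite MFSA2006-20 only for exploitability, so a short NOTE stating where the pre-1.5 finding comes from would help the next person who touches these entries.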


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
