[Secure-testing-commits] r6152 - data/CVE

Thu, 19 Jul 2007 00:53:08 -0700 

Author: jmm-guest
Date: 2007-07-19 07:53:04 +0000 (Thu, 19 Jul 2007)
New Revision: 6152

Modified:
   data/CVE/list
Log:
new mozilla issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2007-07-18 22:08:52 UTC (rev 6151)
+++ data/CVE/list       2007-07-19 07:53:04 UTC (rev 6152)
@@ -47,16 +47,23 @@
        RESERVED
 CVE-2007-3739
        RESERVED
-CVE-2007-3738
+CVE-2007-3738 [Firefox XPCNativeWrapper code injection]
        RESERVED
-CVE-2007-3737
+       - iceweasel <unfixed> (medium)
+CVE-2007-3737 [Firefox insecure event handler code injection]
        RESERVED
-CVE-2007-3736
+       - iceweasel <unfixed>
+CVE-2007-3736 [Firefox addEventListener() and setTimeout () same-origin bypass]
        RESERVED
-CVE-2007-3735
+       - iceweasel <unfixed> (high)
+CVE-2007-3735 [memory corruption in layout engine]
        RESERVED
-CVE-2007-3734
+       - iceweasel <unfixed> (high)
+       - icedove <unfixed> (high)
+CVE-2007-3734 [memory corruption in js engine]
        RESERVED
+       - iceweasel <unfixed> (high)
+       - icedove <unfixed> (high)
 CVE-2007-3733
        RESERVED
 CVE-2007-3732
@@ -186,7 +193,8 @@
 CVE-2007-3671 (Unspecified vulnerability in the kernel in Microsoft Windows 
Vista has ...)
        TODO: check
 CVE-2007-3670 (Argument injection vulnerability in Microsoft Internet 
Explorer, when ...)
-       TODO: check
+       - iceweasel <not-affected> (Only affects Firefox/Thunderbird on Windows)
+       - icedove <not-affected> (Only affects Firefox/Thunderbird on Windows)
 CVE-2007-3669 (Multiple unspecified vulnerabilities in the Innovasys 
DockStudioXP ...)
        TODO: check
 CVE-2007-3668 (Multiple unspecified vulnerabilities in NMSDVDXU.DLL in NuMedia 
...)
@@ -214,7 +222,7 @@
 CVE-2007-3657 (** DISPUTED ** ...)
        TODO: check
 CVE-2007-3656 (Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does 
not ...)
-       TODO: check
+       - iceweasel <unfixed> (medium)
 CVE-2007-3655 (Stack-based buffer overflow in javaws.exe in Sun Java Web Start 
in JRE ...)
        TODO: check
 CVE-2007-3654
@@ -1085,11 +1093,11 @@
 CVE-2007-3286
        RESERVED
 CVE-2007-3285 (Mozilla Firefox allows remote attackers to bypass file type 
checks via ...)
-       - iceweasel <unfixed> (medium)
-       - iceape <unfixed> (medium)
-       - firefox <removed> (medium)
-       - mozilla <removed> (medium)
-       - xulrunner <unfixed> (medium)
+       - iceweasel <unfixed> (low)
+       - iceape <unfixed> (low)
+       - firefox <removed> (low)
+       - mozilla <removed> (low)
+       - xulrunner <unfixed> (low)
 CVE-2007-3284 (corefoundation.dll in Apple Safari 3.0.1 (552.12.2) for Windows 
allows ...)
        NOT-FOR-US: Apple Safari
 CVE-2007-3283 (GNOME XScreenSaver in Sun Solaris 8 and 9 before 20070417, when 
root ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

Reply via email to