Author: micah Date: 2007-03-23 22:31:16 +0000 (Fri, 23 Mar 2007) New Revision: 5576 Modified: data/CVE/list Log: updates to mozilla products based on maintainer notes to list Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-03-22 22:07:56 UTC (rev 5575) +++ data/CVE/list 2007-03-23 22:31:16 UTC (rev 5576) @@ -1017,6 +1017,7 @@ CVE-2007-1116 (The CheckLoadURI function in Mozilla Firefox 1.8 lists the about: URI ...) - iceweasel <unfixed> (medium) - iceape <unfixed> (medium) + - xulrunner <unfixed> (bug #415919; bug #415944; bug #415945; medium) NOTE: according to a blog comment at http://www.gnucitizen.org/projects/hscan-redux/, NOTE: older mozillas are not vulnerable TODO: this should be checked @@ -1088,6 +1089,8 @@ NOT-FOR-US: Google Desktop CVE-2007-1084 (Mozilla Firefox 2.0.0.1 and earlier does not prompt users before ...) - iceweasel <unfixed> (medium) + - iceape <unfixed> (medium) + - xulrunner <unfixed> (medium) CVE-2007-1083 (Buffer overflow in the Configuration Checker (ConfigChk) ActiveX ...) NOT-FOR-US: ConfigChk ActiveX control CVE-2007-1082 (FTP Explorer 1.0.1 Build 047 allows remote servers to cause a denial ...) @@ -1426,6 +1429,9 @@ NOT-FOR-US: eTrust Intrusion Detection CVE-2007-1004 (Mozilla Firefox mmight allow remote attackers to condut spoofing and ...) - iceweasel <unfixed> (low) + - iceape <unfixed> (low) + - xulrunner <unfixed> (low) + NOTE: maintainer notes that this may affect browsers based on xulrunner CVE-2007-1003 RESERVED CVE-2007-1002 
@@ -2002,8 +2008,10 @@ CVE-2007-0802 (Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing ...) - iceweasel <unfixed> (low) CVE-2007-0801 (The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox ...) - - iceweasel <unfixed> (low) + - iceweasel 2.0.0.2+dfsg-1 (low) - firefox <removed> (low) + - iceape 1.0.8-1 (low) + - xulrunner 1.8.0.10-1 (low) CVE-2007-0800 (Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked ...) NOTE: MFSA-2007-05 - iceweasel 2.0.0.2+dfsg-1 (medium) @@ -4910,12 +4918,12 @@ CVE-2006-6507 (Mozilla Firefox 2.0 before 2.0.0.1 allows remote attackers to bypass ...) NOTE: MFSA-2006-76 - iceweasel 2.0.0.1+dfsg-1 (high) - - xulrunner <unfixed> (high) - - iceape <unfixed> (high) + - xulrunner <not-affected> (maintainer reported) + - iceape <not-affected> (maintainer reported) CVE-2006-6506 (The "Feed Preview" feature in Mozilla Firefox 2.0 before 2.0.0.1 sends ...) NOTE: MFSA-2006-75 - iceweasel 2.0.0.1+dfsg-1 (low) - - iceape <unfixed> (low) + - iceape <not-affected> (maintainer reported) CVE-2006-6505 (Multiple heap-based buffer overflows in Mozilla Thunderbird before ...) {DSA-1265-1} NOTE: MFSA-2006-74 @@ -9252,7 +9260,7 @@ CVE-2006-4562 (** DISPUTED ** ...) NOT-FOR-US: Symantec CVE-2006-4561 (Mozilla Firefox 1.5.0.6 allows remote attackers to execute arbitrary ...) - - xulrunner <unfixed> (low) + - xulrunner 1.8.0.7-1 (low) - firefox 1.5.dfsg+1.5.0.7-1 (low) - mozilla <unfixed> (low) - mozilla-firefox <removed> (low) @@ -18891,6 +18899,8 @@ NOTE: mozilla-firefox is now a dummy package, so not vulnerable any more - mozilla-firefox 1.5.dfsg+1.5.0.3-2 (bug #349339) - mozilla <unfixed> + - iceape <unfixed> + - xulrunner <unfixed> CVE-2006-0495 (Cross-site scripting (XSS) vulnerability in the Add Thread to ...) NOT-FOR-US: MyBB CVE-2006-0494 (Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.02 ...)
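Review bot: In the @@ -1017,6 +1017,7 @@ hunk (CVE-2007-1116), the added xulrunner line carries three bug numbers (#415919, #415944, #415945) while the iceweasel and iceape lines directly above it carry none. If those bugs were filed one per package, each belongs on its own package line so that every report is tied to the right source package. If all three really are against xulrunner, a short NOTE saying so would help. The entry also still has "TODO: this should be checked" about older versions, so confirm that this has been checked for xulrunner before recording it as <unfixed>.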
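Review bot: In the @@ -1426,6 +1429,9 @@ hunk (CVE-2007-1004), the added NOTE says the issue "may affect browsers based on xulrunner", but the two added package lines record iceape and xulrunner as <unfixed> (low), which reads as confirmed vulnerable. Suggest either a TODO line until the maintainer confirms, or rewording the NOTE to state what was actually confirmed for each package.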
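Review bot: In the @@ -2002,8 +2008,10 @@ hunk (CVE-2007-0801), the fixed versions 2.0.0.2+dfsg-1, 1.0.8-1 and 1.8.0.10-1 are added with no NOTE naming the advisory or changelog they come from, whereas the next entry, CVE-2007-0800, has "NOTE: MFSA-2007-05". Adding the corresponding reference line to this entry would let a later reader verify the three versions without going back to the maintainer.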
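Review bot: In the @@ -4910,12 +4918,12 @@ hunk (CVE-2006-6507 and CVE-2006-6506), "(maintainer reported)" records who made the call but not why xulrunner and iceape are <not-affected>. The change reverses three <unfixed> lines, two of them marked high, so a NOTE line giving the maintainer's reason under each entry would make the new status checkable.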
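Review bot: In the @@ -18891,6 +18899,8 @@ hunk, the added "- iceape <unfixed>" and "- xulrunner <unfixed>" lines have no urgency, bug number or NOTE, while the <unfixed> lines added in the first three hunks of this commit all carry an urgency. Suggest adding the urgency the maintainer gave, or a TODO line if it has not been assessed yet, so these two entries are not left without any triage information.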