Author: jmm-guest
Date: 2006-12-03 23:17:22 +0100 (Sun, 03 Dec 2006)
New Revision: 5056
Modified: data/CVE/list
Log:
one mozilla issue not for sarge
let's treat mozilla issues, which are clearly only denial of service w/o potential for code injection as unimportant. all potential losses (e.g. some open tabs) are minimal, the attack vector can be mitigated by not visiting the page again and ultimately firefox is not exactly an application suited for HA...
(low for xulrunner, which might have different fields of application)

Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-12-03 22:08:48 UTC (rev 5055) +++ data/CVE/list 2006-12-03 22:17:22 UTC (rev 5056) @@ -925,6 +925,7 @@ - firefox <unfixed> (high) - icedove 1.5.0.8-1 (medium) - mozilla <unfixed> (medium) + [sarge] - mozilla <not-affected> (Vulnerable code not present) - xulrunner <unfixed> (high) [sarge] - mozilla-firefox <not-affected> (Vulnerable code not present) - mozilla-thunderbird <removed> (medium) @@ -1157,12 +1158,12 @@ CVE-2006-5634 (Multile PHP remote file inclusion vulnerabilities in phpProfiles 2.1 ...) NOT-FOR-US: phpProfiles CVE-2006-5633 (Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers ...) - - firefox <unfixed> (low) - - icedove <unfixed> (low) - - mozilla <unfixed> (low) + - firefox <unfixed> (unimportant) + - icedove <unfixed> (unimportant) + - mozilla <unfixed> (unimportant) - xulrunner <unfixed> (low) - - mozilla-firefox <removed> (low) - - mozilla-thunderbird <removed> (low) + - mozilla-firefox <removed> (unimportant) + - mozilla-thunderbird <removed> (unimportant) CVE-2006-5632 (Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop ...) NOT-FOR-US: iG Shop CVE-2006-5631 (Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop ...)
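Review bot: The added "[sarge] - mozilla <not-affected> (Vulnerable code not present)" line in the @@ -925,6 +925,7 @@ hunk has no traceable justification: the CVE identifier is outside the hunk context, and the log only says "one mozilla issue not for sarge" without naming the issue or saying how the absence of the code was established. Naming the CVE in the log and recording the basis for the claim (for example the affected source file or upstream version that introduced the code) in a note under the entry would let a later reader re-check the sarge status. This change is also unrelated to the severity reclassification in the second hunk, so it would be easier to audit or revert as its own revision.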
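Review bot: The reasoning for downgrading CVE-2006-5633 from (low) to (unimportant) in the @@ -1157,12 +1158,12 @@ hunk exists only in the commit log, so the data file now shows xulrunner at (low) next to five packages at (unimportant) with nothing in the entry to explain the split. A note line under the CVE stating that the issue is denial of service only, with no code injection potential, and that xulrunner is kept at low because of its different fields of application, would keep the rationale with the data. The log also words this as a general rule for Mozilla DoS-only issues, while the hunk changes a single CVE; either the other matching entries should get the same treatment or the rule should be written down where tracker contributors will find it, otherwise similar issues will keep being rated inconsistently.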