Author: fw Date: 2006-04-14 12:16:48 +0000 (Fri, 14 Apr 2006) New Revision: 3804 Modified: data/CVE/list Log: CVE-2006-1731, CVE-2006-1730, CVE-2006-1729, CVE-2006-1728, CVE-2006-1727, CVE-2006-1726, CVE-2006-1725, CVE-2006-1724, CVE-2006-1723, CVE-2006-1531, CVE-2006-1530, CVE-2006-1529: new Mozilla bugs (More to come, this commit intends to prevent duplicate work.) Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-04-14 10:01:15 UTC (rev 3803) +++ data/CVE/list 2006-04-14 12:16:48 UTC (rev 3804) 
@@ -114,23 +114,61 @@ CVE-2006-1732 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...) TODO: check CVE-2006-1731 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...) - TODO: check + - firefox <unfixed> (medium) + - mozilla-firefox <unfixed> (medium) + - mozilla-browser <unfixed> (medium) + - thunderbird <unfixed> (low) + - mozilla-thunderbird <unfixed> (low) CVE-2006-1730 (Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 ...) - TODO: check + - firefox <unfixed> (high) + - mozilla-firefox <unfixed> (high) + - mozilla-browser <unfixed> (high) + - thunderbird <unfixed> (medium) + - mozilla-thunderbird <unfixed> (medium) + NOTE: MFSA2006-22 says that it is not clear whether Thunderbird is + NOTE: exploitable in the default configuration. CVE-2006-1729 (Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla ...) - TODO: check + - firefox <unfixed> (medium) + - mozilla-firefox <unfixed> (medium) + - mozilla-browser <unfixed> (medium) + NOTE: Can likely be used to steal OpenSSH keys and the like. CVE-2006-1728 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...) - TODO: check + - firefox <unfixed> (high) + - mozilla-firefox <unfixed> (high) + - mozilla-browser <unfixed> (high) + - thunderbird <unfixed> (medium) + - mozilla-thunderbird <unfixed> (medium) CVE-2006-1727 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...) - TODO: check + - firefox <unfixed> (medium) + - mozilla-firefox <unfixed> (medium) + - mozilla-browser <unfixed> (medium) + - thunderbird <unfixed> (medium) + - mozilla-thunderbird <unfixed> (medium) + NOTE: If print preview (and this bug) can be triggered from JavaScript, + NOTE: the urgency should probably be raised. CVE-2006-1726 (Unspecified vulnerability in Firefox and Thunderbird 1.5 before ...) - TODO: check + - firefox <unfixed> (high) + - thunderbird <unfixed> (medium) + NOTE: New bug in Firefox 1.5. 
CVE-2006-1725 (Mozilla Firefox 1.5 before 1.5.0.2 and SeaMonkey before 1.0.1 causes ...) - TODO: check + - firefox <unfixed> (low) + NOTE: New bug in Firefox 1.5. CVE-2006-1724 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...) - TODO: check + - firefox <unfixed> (medium) + - mozilla-firefox <unfixed> (medium) + - mozilla-browser <unfixed> (medium) + - thunderbird <unfixed> (low) + - mozilla-thunderbird <unfixed> (low) + NOTE: MFSA2006-20 says exploitability has not been confirmed. + NOTE: Thunderbird is potentially affected as well, but not in the + NOTE: default configuration. CVE-2006-1723 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...) - TODO: check + - firefox <unfixed> (medium) + - mozilla-firefox <unfixed> (medium) + - mozilla-browser <unfixed> (medium) + - thunderbird <unfixed> (low) + - mozilla-thunderbird <unfixed> (low) + NOTE: This is probably: https://bugzilla.mozilla.org/show_bug.cgi?id=320459 CVE-2006-1722 (Cross-site scripting (XSS) vulnerability in suche.htm in ShopXS 4.0 ...) TODO: check CVE-2006-1721 (Unspecified vulnerability in the CMU Cyrus Simple Authentication and ...) 
@@ -615,11 +653,29 @@ CVE-2006-1532 (Cross-site scripting (XSS) vulnerability in search.php in PHP ...) NOT-FOR-US: PHP Classifieds CVE-2006-1531 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...) - TODO: check + - firefox <unfixed> (medium) + - mozilla-firefox <not-affected> (pre-1.5 version not vulnerable) + - thunderbird <unfixed> (low) + - mozilla-thunderbird <not-affected> (pre-1.5 version not vulnerable) + NOTE: MFSA2006-20 says exploitability has not been confirmed. + NOTE: Thunderbird is potentially affected as well, but not in the + NOTE: default configuration. CVE-2006-1530 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...) - TODO: check + - firefox <unfixed> (medium) + - mozilla-firefox <not-affected> (pre-1.5 version not vulnerable) + - thunderbird <unfixed> (low) + - mozilla-thunderbird <not-affected> (pre-1.5 version not vulnerable) + NOTE: MFSA2006-20 says exploitability has not been confirmed. + NOTE: Thunderbird is potentially affected as well, but not in the + NOTE: default configuration. CVE-2006-1529 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...) - TODO: check + - firefox <unfixed> (medium) + - mozilla-firefox <not-affected> (pre-1.5 version not vulnerable) + - thunderbird <unfixed> (low) + - mozilla-thunderbird <not-affected> (pre-1.5 version not vulnerable) + NOTE: MFSA2006-20 says exploitability has not been confirmed. + NOTE: Thunderbird is potentially affected as well, but not in the + NOTE: default configuration. CVE-2006-1528 RESERVED CVE-2006-1527
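Review bot: In the first hunk (@@ -114,23 +114,61 @@), the CVE-2006-1726 and CVE-2006-1725 entries say "NOTE: New bug in Firefox 1.5." but simply leave out mozilla-firefox, mozilla-browser and the pre-1.5 Thunderbird package, so a later reader cannot tell "checked, not affected" from "not yet triaged". The second hunk records the same situation explicitly as "- mozilla-firefox <not-affected> (pre-1.5 version not vulnerable)"; suggest adding the equivalent lines here. Separately, CVE-2006-1724 carries the same MFSA2006-20 notes as CVE-2006-1529 through CVE-2006-1531 yet lists mozilla-firefox and mozilla-thunderbird as <unfixed>; a one-line NOTE saying why the pre-1.5 packages are treated differently would help.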
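Review bot: In the second hunk (@@ -615,11 +653,29 @@), the CVE-2006-1531, CVE-2006-1530 and CVE-2006-1529 entries have no mozilla-browser line at all, although the first hunk tracks mozilla-browser next to mozilla-firefox on every entry that covers the pre-1.5 packages. If the pre-1.5 code is not vulnerable there either, add "- mozilla-browser <not-affected> (pre-1.5 version not vulnerable)" to each of the three entries; if it has not been checked, a TODO line would make that visible. The parenthetical on the <not-affected> lines would also be easier to audit with a pointer to where that conclusion comes from, for example a NOTE naming the advisory.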