Author: joeyh Date: 2005-07-17 09:54:19 +0000 (Sun, 17 Jul 2005) New Revision: 1419 Modified: data/CAN/list Log: various mozilla updates: thunderbird also affected by CAN-2005-2261 presumably these new set of holes cover the XXXX ones javascript crasher only reproducible with mozilla in unstable Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-07-17 09:46:07 UTC (rev 1418) +++ data/CAN/list 2005-07-17 09:54:19 UTC (rev 1419) @@ -35,7 +35,7 @@ - mozilla-firefox 1.0.5-1 (medium) CAN-2005-2261 (Firefox before 1.0.5, Thunderbird before 1.0.5, and Mozilla before ...) - mozilla-firefox 1.0.5-1 (medium) - TODO: mozilla + TODO: mozilla, thunderbird CAN-2005-2260 (The browser user interface in Firefox before 1.0.5 and Mozilla before ...) - mozilla-firefox 1.0.5-1 (medium) TODO: mozilla @@ -395,10 +395,6 @@ - netpanzer (unfixed; bug #318329; medium) CAN-2005-XXXX [Missing input sanitising in affix''s btsrv/btobex services] - affix 2.1.2-2 (medium) -CAN-2000-XXXX [Multiple unfixed security issues in Mozillae] - - mozilla-firefox 1.0.5-1 (high) - - mozilla (unfixed; high) - - mozilla-thunderbird (unfixed; low) CAN-2005-2259 (The dispallclosed2 function in dispallclosed.pl for multiple USANet ...) NOTE: not-for-us (USANet) CAN-2005-2258 (PHP remote file inclusion vulnerability in photolist.inc.php in Squito ...) @@ -827,8 +823,9 @@ CAN-2005-2115 (Soldier of Fortune II 1.02x and 1.03 allows remote attackers to cause ...) NOTE: not-for-us (Soldier of Fortune) CAN-2005-2114 (Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and ...) - - mozilla-firefox (unfixed; low) - - mozilla (unfixed; low) + NOTE: cannot reproduce with firefox 1.0.5-1 using POC exploits + NOTE: did work for mozilla + - mozilla-browser (unfixed; bug filed; low) CAN-2005-XXXX [XSS, SQL injection and other issues in Wordpress] - wordpress 1.5.1.3-1 CAN-2005-2113 (SQL injection vulnerability in the loginUser function in the XMLRPC ...)
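Review bot: In the @@ -35,7 +35,7 @@ hunk, thunderbird's exposure to CAN-2005-2261 is recorded only as free text in `TODO: mozilla, thunderbird`, with no package line, status or urgency. The same commit removes `- mozilla-thunderbird (unfixed; low)` from the CAN-2000-XXXX entry, so in the visible lines nothing lists mozilla-thunderbird as an unfixed package any more. Consider adding an explicit mozilla-thunderbird package line marked unfixed under CAN-2005-2261 next to the TODO, so its open status is tracked in the same form as the mozilla-firefox line above it.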
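Review bot: In the @@ -395,10 +395,6 @@ hunk, the CAN-2000-XXXX entry is deleted on the basis of the log's "presumably these new set of holes cover the XXXX ones", yet it is the entry that recorded `- mozilla (unfixed; high)` and `- mozilla-thunderbird (unfixed; low)`. The entries touched elsewhere in this patch carry only TODO lines for those two packages, so the unfixed status and the high urgency for mozilla are not carried over in the visible lines. Either confirm which CAN ids replace the placeholder and move the unfixed package lines to them, or keep the placeholder with a NOTE until that mapping is confirmed.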
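Review bot: In the @@ -827,8 +823,9 @@ hunk, the added line `- mozilla-browser (unfixed; bug filed; low)` says a bug was filed but gives no number, unlike `- netpanzer (unfixed; bug #318329; medium)` earlier in the file; add the bug number so the entry can be followed up. The hunk also drops `- mozilla-firefox (unfixed; low)` entirely, although the description names Firefox 1.0.4 and the new NOTE only says the POC exploits fail against 1.0.5-1: if that means the issue is fixed there, record mozilla-firefox as fixed in 1.0.5-1, and if the result is inconclusive the unfixed line should stay. The package name also changes from mozilla to mozilla-browser while the other entries visible in this patch use mozilla, so a NOTE explaining the rename or consistent naming would help.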