Author: stef-guest Date: 2006-05-15 18:35:07 +0000 (Mon, 15 May 2006) New Revision: 3956 Modified: data/CVE/list Log: xulrunner is affected by various mozilla issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-05-15 15:10:10 UTC (rev 3955) +++ data/CVE/list 2006-05-15 18:35:07 UTC (rev 3956) @@ -1373,6 +1373,7 @@ - mozilla <unfixed> (medium) - thunderbird 1.5.0.2-1 (low) [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low) + - xulrunner 1.8.0.1-9 NOTE: The Mozilla Foundation labels this as "critical", but it''s not NOTE: clear if this bug is exploitable. CVE-2006-1741 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite ...) @@ -1444,6 +1445,7 @@ - mozilla <unfixed> (medium) - thunderbird 1.5.0.2-1 (low) [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low) + - xulrunner 1.8.0.1-9 CVE-2006-1731 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...) {DSA-1051-1 DSA-1046-1 DSA-1044-1} - firefox <unfixed> (medium) @@ -1460,12 +1462,14 @@ [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium) NOTE: MFSA2006-22 says that it is not clear whether Thunderbird is NOTE: exploitable in the default configuration. + - xulrunner 1.8.0.1-9 CVE-2006-1729 (Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla ...) {DSA-1051-1 DSA-1046-1 DSA-1044-1} - firefox 1.5.dfsg+1.5.0.2-1 (medium) - mozilla-firefox <unfixed> (medium) - mozilla <unfixed> (medium) [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium) + - xulrunner 1.8.0.1-9 NOTE: Can likely be used to steal OpenSSH keys and the like. CVE-2006-1728 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...) {DSA-1051-1 DSA-1046-1 DSA-1044-1} 
@@ -1474,6 +1478,7 @@ - mozilla <unfixed> (high) - thunderbird 1.5.0.2-1 (medium) [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium) + - xulrunner 1.8.0.1-9 CVE-2006-1727 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...) {DSA-1051-1 DSA-1046-1 DSA-1044-1} - firefox 1.5.dfsg+1.5.0.2-1 (medium) @@ -1481,14 +1486,17 @@ - mozilla <unfixed> (medium) - thunderbird 1.5.0.2-1 (medium) [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium) + - xulrunner 1.8.0.1-9 NOTE: If print preview (and this bug) can be triggered from JavaScript, NOTE: the urgency should probably be raised. CVE-2006-1726 (Unspecified vulnerability in Firefox and Thunderbird 1.5 before ...) - firefox 1.5.dfsg+1.5.0.2-1 (high) - thunderbird 1.5.0.2-1 (medium) + - xulrunner 1.8.0.1-9 NOTE: New bug in Firefox 1.5. CVE-2006-1725 (Mozilla Firefox 1.5 before 1.5.0.2 and SeaMonkey before 1.0.1 causes ...) - firefox 1.5.dfsg+1.5.0.2-1 (low) + - xulrunner 1.8.0.1-9 NOTE: New bug in Firefox 1.5. CVE-2006-1724 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...) {DSA-1051-1 DSA-1046-1 DSA-1044-1} @@ -1496,6 +1504,7 @@ - mozilla <unfixed> (medium) - thunderbird 1.5.0.2-1 (low) [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low) + - xulrunner 1.8.0.1-9 NOTE: MFSA2006-20 says exploitability has not been confirmed. NOTE: Thunderbird is potentially affected as well, but not in the NOTE: default configuration. @@ -1506,6 +1515,7 @@ - mozilla <unfixed> (medium) - thunderbird 1.5.0.2-1 (low) [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low) + - xulrunner 1.8.0.1-9 NOTE: This is probably: https://bugzilla.mozilla.org/show_bug.cgi?id=320459 CVE-2006-1722 (Cross-site scripting (XSS) vulnerability in suche.htm in ShopXS 4.0 ...) NOT-FOR-US: ShopXS 
@@ -2008,6 +2018,7 @@ - mozilla-firefox <not-affected> (pre-1.5 version not vulnerable) - thunderbird 1.5.0.2-1 (low) - mozilla-thunderbird <not-affected> (pre-1.5 version not vulnerable) + - xulrunner 1.8.0.1-9 NOTE: MFSA2006-20 says exploitability has not been confirmed. NOTE: Thunderbird is potentially affected as well, but not in the NOTE: default configuration. @@ -2017,6 +2028,7 @@ - mozilla-firefox <not-affected> (pre-1.5 version not vulnerable) - thunderbird 1.5.0.2-1 (low) - mozilla-thunderbird <not-affected> (pre-1.5 version not vulnerable) + - xulrunner 1.8.0.1-9 NOTE: MFSA2006-20 says exploitability has not been confirmed. NOTE: Thunderbird is potentially affected as well, but not in the NOTE: default configuration. @@ -2026,6 +2038,7 @@ - mozilla-firefox <not-affected> (pre-1.5 version not vulnerable) - thunderbird 1.5.0.2-1 (low) - mozilla-thunderbird <not-affected> (pre-1.5 version not vulnerable) + - xulrunner 1.8.0.1-9 NOTE: MFSA2006-20 says exploitability has not been confirmed. NOTE: Thunderbird is potentially affected as well, but not in the NOTE: default configuration. @@ -3142,6 +3155,7 @@ - thunderbird 1.5.0.2-1 [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 - firefox 1.5.dfsg+1.5.0.2-1 + - xulrunner 1.8.0.1-9 CVE-2006-1044 (Multiple buffer overflows in LISTSERV 14.3 and 14.4, including ...) NOT-FOR-US: LISTSERV CVE-2006-1043 (Stack-based buffer overflow in Microsoft Visual Studio 6.0 and ...) @@ -3484,6 +3498,7 @@ [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 - thunderbird 1.5.0.2-1 - firefox 1.5.dfsg+1.5.0.2-1 + - xulrunner 1.8.0.1-9 CVE-2003-1295 (Unspecified vulnerability in xscreensaver 4.12, and possibly other ...) - xscreensaver 4.21-1 NOTE: Might be fixed earlier, but I''ve verified that the SuSE patch is included 
@@ -3783,6 +3798,7 @@ - mozilla <unfixed> (high) - thunderbird 1.5.0.2-1 (high) [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (high) + - xulrunner 1.8.0.1-9 CVE-2006-0747 RESERVED CVE-2006-0746 (Certain patches for kpdf do not include all relevant patches from xpdf ...) @@ -4931,6 +4947,7 @@ - firefox 1.5.dfsg+1.5.0.1-1 (bug #351442) - mozilla-thunderbird <unfixed> - thunderbird 1.5.0.2-1 + - xulrunner 1.8.0.1-9 CVE-2006-0296 (The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, ...) {DSA-1051-1} - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected) @@ -16676,6 +16693,7 @@ [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low) - firefox 1.5.dfsg+1.5.0.2-1 - thunderbird 1.5.0.2-1 + - xulrunner 1.8.0.1-9 CVE-2005-XXXX [Directory traversal in unzoo] - unzoo 4.4-4 CVE-2005-XXXX [Logging bypassing through SIGHUP in syslog-ng]
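Review bot: the added `- xulrunner 1.8.0.1-9` lines carry no urgency, although the sibling entries in many of the same CVE blocks do, for example `- thunderbird 1.5.0.2-1 (low)` in the hunk at @@ -1373 and `- mozilla <unfixed> (high)` in the hunk at @@ -3783. Where the siblings are rated, give xulrunner the matching urgency, or add a NOTE saying why it is left unrated.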
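Review bot: in the hunk at @@ -1460,12 +1462,14 the first added xulrunner line sits after the two NOTE lines about MFSA2006-22 and Thunderbird, while the other additions in this patch go directly after the last package entry and before any NOTE. Move it above those NOTE lines so the package entries for that CVE stay contiguous and the note stays attached to the Thunderbird entry it comments on.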
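Review bot: every added line records the same fixed version, 1.8.0.1-9, for CVEs whose firefox fixes are listed against different uploads (`1.5.dfsg+1.5.0.1-1` in the hunk at @@ -4931, `1.5.dfsg+1.5.0.2-1` in the hunk at @@ -3142), and neither the log message nor the new entries cite a bug number, changelog or advisory for xulrunner. Add a NOTE or bug reference per entry, or one in the log message, showing that 1.8.0.1-9 contains each fix so the version can be verified later.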