Author: joeyh
Date: 2006-05-28 17:13:59 +0000 (Sun, 28 May 2006)
New Revision: 4088
Modified:
data/CVE/list
Log:
big firefox cleanup:
- many cves were fixed by DSA 1044-1 and fixed in unstable too but for
some reason the versions not recorded
- mozilla-firefox is a dummy package that can no longer have security
holes
Modified: data/CVE/list
==================================================================---
data/CVE/list 2006-05-28 16:22:16 UTC (rev 4087)
+++ data/CVE/list 2006-05-28 17:13:59 UTC (rev 4088)
@@ -1932,8 +1932,8 @@
NOT-FOR-US: JBook
CVE-2006-1742 (The JavaScript engine in Mozilla Firefox and Thunderbird 1.x
before ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- - firefox <unfixed> (medium)
- - mozilla-firefox <unfixed> (medium)
+ - firefox 1.5.dfsg+1.5.0.2-2 (medium)
+ - mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
- mozilla <unfixed> (medium)
- thunderbird 1.5.0.2-1 (low)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
@@ -1942,85 +1942,85 @@
NOTE: clear if this bug is exploitable.
CVE-2006-1741 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla
Suite ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- - firefox <unfixed> (medium)
- - mozilla-firefox <unfixed> (medium)
+ - firefox 1.5.dfsg+1.5.0.2-2 (medium)
+ - mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
- mozilla <unfixed> (medium)
- thunderbird 1.5.0.2-1 (low)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1740 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla
Suite ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- - firefox <unfixed> (low)
- - mozilla-firefox <unfixed> (low)
+ - firefox 1.5.dfsg+1.5.0.2-2 (low)
+ - mozilla-firefox 1.5.dfsg+1.5.0.2-2 (low)
- mozilla <unfixed> (low)
- thunderbird 1.5.0.2-1 (low)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1739 (The CSS border-rendering code in Mozilla Firefox and Thunderbird
1.x ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- - firefox <unfixed> (medium)
- - mozilla-firefox <unfixed> (medium)
+ - firefox 1.5.dfsg+1.5.0.2-2 (medium)
+ - mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
- mozilla <unfixed> (medium)
- thunderbird 1.5.0.2-1 (low)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1738 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x
...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- - firefox <unfixed> (medium)
- - mozilla-firefox <unfixed> (medium)
+ - firefox 1.5.dfsg+1.5.0.2-2 (medium)
+ - mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
- mozilla <unfixed> (medium)
- thunderbird 1.5.0.2-1 (low)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1737 (Integer overflow in Mozilla Firefox and Thunderbird 1.x before
1.5 and ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- - firefox <unfixed> (medium)
- - mozilla-firefox <unfixed> (medium)
+ - firefox 1.5.dfsg+1.5.0.2-2 (medium)
+ - mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
- mozilla <unfixed> (medium)
- thunderbird 1.5.0.2-1 (low)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1736 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla
Suite ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- - firefox <unfixed> (low)
- - mozilla-firefox <unfixed> (low)
+ - firefox 1.5.dfsg+1.5.0.2-2 (low)
+ - mozilla-firefox 1.5.dfsg+1.5.0.2-2 (low)
- mozilla <unfixed> (low)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
CVE-2006-1735 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before
1.0.8, ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- - firefox <unfixed> (high)
- - mozilla-firefox <unfixed> (high)
+ - firefox 1.5.dfsg+1.5.0.2-2 (high)
+ - mozilla-firefox 1.5.dfsg+1.5.0.2-2 (high)
- mozilla <unfixed> (high)
- thunderbird 1.5.0.2-1 (medium)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
CVE-2006-1734 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before
1.0.8, ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- - firefox <unfixed> (high)
- - mozilla-firefox <unfixed> (high)
+ - firefox 1.5.dfsg+1.5.0.2-2 (high)
+ - mozilla-firefox 1.5.dfsg+1.5.0.2-2 (high)
- mozilla <unfixed> (high)
- thunderbird 1.5.0.2-1 (medium)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
CVE-2006-1733 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before
1.0.8, ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- - firefox <unfixed> (high)
- - mozilla-firefox <unfixed> (high)
+ - firefox 1.5.dfsg+1.5.0.2-2 (high)
+ - mozilla-firefox 1.5.dfsg+1.5.0.2-2 (high)
- mozilla <unfixed> (high)
- thunderbird 1.5.0.2-1 (medium)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
CVE-2006-1732 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x
...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- - firefox <unfixed> (medium)
- - mozilla-firefox <unfixed> (medium)
+ - firefox 1.5.dfsg+1.5.0.2-2 (medium)
+ - mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
- mozilla <unfixed> (medium)
- thunderbird 1.5.0.2-1 (low)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
- xulrunner 1.8.0.1-9
CVE-2006-1731 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before
1.0.8, ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- - firefox <unfixed> (medium)
- - mozilla-firefox <unfixed> (medium)
+ - firefox 1.5.dfsg+1.5.0.2-2 (medium)
+ - mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
- mozilla <unfixed> (medium)
- thunderbird 1.5.0.2-1 (low)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1730 (Integer overflow in Mozilla Firefox and Thunderbird 1.x before
1.5.0.2 ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- firefox 1.5.dfsg+1.5.0.2-1 (high)
- - mozilla-firefox <unfixed> (high)
+ - mozilla-firefox 1.5.dfsg+1.5.0.2-1 (high)
- mozilla <unfixed> (high)
- thunderbird 1.5.0.2-1 (medium)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
@@ -2030,7 +2030,7 @@
CVE-2006-1729 (Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8,
Mozilla ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- firefox 1.5.dfsg+1.5.0.2-1 (medium)
- - mozilla-firefox <unfixed> (medium)
+ - mozilla-firefox 1.5.dfsg+1.5.0.2-1 (medium)
- mozilla <unfixed> (medium)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
- xulrunner 1.8.0.1-9
@@ -2038,7 +2038,7 @@
CVE-2006-1728 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x
...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- firefox 1.5.dfsg+1.5.0.2-1 (high)
- - mozilla-firefox <unfixed> (high)
+ - mozilla-firefox 1.5.dfsg+1.5.0.2-1 (high)
- mozilla <unfixed> (high)
- thunderbird 1.5.0.2-1 (medium)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
@@ -2046,7 +2046,7 @@
CVE-2006-1727 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x
...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- firefox 1.5.dfsg+1.5.0.2-1 (medium)
- - mozilla-firefox <unfixed> (medium)
+ - mozilla-firefox 1.5.dfsg+1.5.0.2-1 (medium)
- mozilla <unfixed> (medium)
- thunderbird 1.5.0.2-1 (medium)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
@@ -2074,8 +2074,8 @@
NOTE: default configuration.
CVE-2006-1723 (Unspecified vulnerability in Firefox and Thunderbird before
1.5.0.2, ...)
{DSA-1051-1 DSA-1046-1}
- - firefox <unfixed> (medium)
- - mozilla-firefox <unfixed> (medium)
+ - firefox 1.5.dfsg+1.5.0.2 (medium)
+ - mozilla-firefox 1.5.dfsg+1.5.0.2 (medium)
- mozilla <unfixed> (medium)
- thunderbird 1.5.0.2-1 (low)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
@@ -4369,15 +4369,15 @@
NOT-FOR-US: supersmashbrothers
CVE-2006-0749 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before
1.0.8, ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- - firefox <unfixed> (low)
- - mozilla-firefox <unfixed> (low)
+ - firefox 1.5.dfsg+1.5.0.2 (low)
+ - mozilla-firefox 1.5.dfsg+1.5.0.2 (low)
- mozilla <unfixed> (low)
- thunderbird 1.5.0.2-1 (low)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-0748 (Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x
before ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- firefox 1.5.dfsg+1.5.0.2-1 (high)
- - mozilla-firefox <unfixed> (high)
+ - mozilla-firefox 1.5.dfsg+1.5.0.2-1 (high)
- mozilla <unfixed> (high)
- thunderbird 1.5.0.2-1 (high)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (high)
@@ -4549,7 +4549,7 @@
CVE-2005-4721 (Cross-site scripting (XSS) vulnerability in search.cfm in
tmsPUBLISHER ...)
NOT-FOR-US: tmsPUBLISHER
CVE-2005-4720 (Mozilla Firefox 1.0.7 and earlier on Linux allows remote
attackers to ...)
- - mozilla-firefox <unfixed> (low)
+ - mozilla-firefox 1.5.dfsg+1.5.0.2 (low)
- firefox 1.5.dfsg-1
CVE-2005-4719 (Multiple SQL injection vulnerabilities in Sysbotz Systems Panel
1.0.6 ...)
NOT-FOR-US: Sysbotz Systems Panel
@@ -4980,7 +4980,8 @@
NOT-FOR-US: PHP GEN
CVE-2006-0496 (Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and
...)
- firefox <unfixed> (bug #349339)
- - mozilla-firefox <unfixed> (bug #349339)
+ NOTE: mozilla-firefox is now a dummy package, so not vulnerable any more
+ - mozilla-firefox 1.5.dfsg+1.5.0.3-2 (bug #349339)
- mozilla <unfixed>
CVE-2006-0495 (Cross-site scripting (XSS) vulnerability in the Add Thread to
...)
NOT-FOR-US: MyBB
@@ -5544,7 +5545,7 @@
- thunderbird 1.5.0.2-1
CVE-2006-0295 (Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in
mail, ...)
- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
- - mozilla-firefox <unfixed> (bug #351442)
+ - mozilla-firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
- mozilla-thunderbird <unfixed>
- thunderbird 1.5.0.2-1
CVE-2006-0294 (Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running
Javascript ...)
@@ -5561,7 +5562,7 @@
CVE-2006-0292 (The Javascript interpreter (jsinterp.c) in Mozilla and Firefox
before ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
- - mozilla-firefox <unfixed> (bug #351442)
+ - mozilla-firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
- thunderbird 1.5.0.2-1
CVE-2006-0291 (Multiple unspecified vulnerabilities in Oracle Database Server
...)
@@ -7302,7 +7303,7 @@
NOT-FOR-US: SimpleBBS
CVE-2005-4134 (Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before
...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- - mozilla-firefox <unfixed> (unimportant)
+ - firefox 1.5.dfsg+1.5.0.2-2 (unimportant)
- mozilla <unfixed> (unimportant)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (unimportant)
NOTE: Not exploitable beyond a sluggish browser startup, see
@@ -7931,7 +7932,9 @@
NOT-FOR-US: Safari
NOTE: Not reproducible with konqueror 4:3.4.2-4.
CVE-2005-3896 (Mozilla allows remote attackers to cause a denial of service
(CPU ...)
- - mozilla-firefox <unfixed> (bug #340283; bug #345469; low)
+ - firefox <unfixed> (bug #340283; bug #345469; low)
+ NOTE: mozilla-firefox became a transitional package so not vulnerable
+ - mozilla-firefox 1.4.99+1.5rc3.dfsg-2 (bug #340283; bug #345469; low)
- mozilla <unfixed> (bug #340282; low)
CVE-2005-3895 (Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0
...)
{DSA-973-1}
@@ -12829,7 +12832,9 @@
CVE-2005-2396 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.4.6 and
...)
- mediawiki 1.4.9 (bug #276057)
CVE-2005-2395 (Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge
with the ...)
- - mozilla-firefox <unfixed> (bug #320539; low)
+ - firefox <unfixed> (bug #320539; low)
+ NOTE: mozilla-firefox is now a transitional package
+ - mozilla-firefox 1.4.99+1.5rc3.dfsg-2 (bug #320539; low)
- mozilla <unfixed> (bug #320538; low)
CVE-2005-2394 (show_news.php in CuteNews 1.3.6 allows remote attackers to
obtain the ...)
NOT-FOR-US: CuteNews
@@ -20206,7 +20211,7 @@
NOTE: hard disc, well than you have "DoSed" yourself,
congratulations.
NOTE: It''s reproducable with 1.0.2, but I doubt it will ever be
"fixed", as HTML parsers
NOTE: generally try to make sense of anything even remotely resembling HTML.
- - mozilla-firefox <unfixed> (unimportant)
+ - firefox <unfixed> (unimportant)
- mozilla <unfixed> (unimportant)
TODO: This is still a bug (maybe not a security one) and needs fixing. (IMHO,
fw)
CVE-2004-1638 (Buffer overflow in MailCarrier 2.51 allows remote attackers to
execute ...)