Author: stef-guest
Date: 2006-12-19 23:07:40 +0100 (Tue, 19 Dec 2006)
New Revision: 5148

Modified:
   data/CVE/list
Log:
- many new issues for mozilla & friends (high)
- converted unfixed firefox issues to iceweasel

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2006-12-19 19:50:46 UTC (rev 5147)
+++ data/CVE/list 2006-12-19 22:07:40 UTC (rev 5148)
@@ -149,28 +149,110 @@ NOT-FOR-US: SiteKiosk CVE-2006-6508 (Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows ...) - phpbb2 <unfixed> (bug #402140) -CVE-2006-6507 +CVE-2006-6507 [XSS using outer window''s Function object] RESERVED -CVE-2006-6506 + NOTE: MFSA-2006-76 + - iceweasel <unfixed> (high) + - xulrunner <unfixed> (high) + - iceape <unfixed> (high) +CVE-2006-6506 [ RSS Feed-preview referrer leak] RESERVED -CVE-2006-6505 + NOTE: MFSA-2006-75 + - iceweasel <unfixed> (low) + - xulrunner <unfixed> (low) + - iceape <unfixed> (low) +CVE-2006-6505 [Mail header processing heap overflows] RESERVED -CVE-2006-6504 + NOTE: MFSA-2006-74 + - mozilla-thunderbird <removed> (high) + - thunderbird <removed> (high) + - icedove <unfixed> (high) +CVE-2006-6504 [Mozilla SVG Processing Remote Code Execution] RESERVED -CVE-2006-6503 + NOTE: MFSA-2006-73 + - iceweasel <unfixed> (high) + - xulrunner <unfixed> (high) + - iceape <unfixed> (high) + - firefox <removed> (high) + - mozilla <removed> (high) + - mozilla-firefox <removed> (high) +CVE-2006-6503 [XSS by setting img.src to javascript: URI] RESERVED -CVE-2006-6502 + NOTE: MFSA-2006-72 + - iceweasel <unfixed> (high) + - xulrunner <unfixed> (high) + - iceape <unfixed> (high) + - firefox <removed> (high) + - mozilla <removed> (high) + - mozilla-firefox <removed> (high) +CVE-2006-6502 [LiveConnect crash finalizing JS objects] RESERVED -CVE-2006-6501 + NOTE: MFSA-2006-71 + - iceweasel <unfixed> (high) + - xulrunner <unfixed> (high) + - iceape <unfixed> (high) + - firefox <removed> (high) + - mozilla <removed> (high) + - mozilla-firefox <removed> (high) + - mozilla-thunderbird <removed> (low) + - thunderbird <removed> (low) + - icedove <unfixed> (low) +CVE-2006-6501 [Privilege escallation using watch point] RESERVED -CVE-2006-6500 + NOTE: MFSA-2006-70 + - iceweasel <unfixed> (high) + - xulrunner <unfixed> (high) + - iceape <unfixed> (high) + - firefox <removed> (high) + - mozilla <removed> (high) + - mozilla-firefox 
<removed> (high) + - mozilla-thunderbird <removed> (low) + - thunderbird <removed> (low) + - icedove <unfixed> (low) +CVE-2006-6500 [CSS cursor image buffer overflow (Windows only)] RESERVED -CVE-2006-6499 + NOTE: MFSA-2006-69 + - iceweasel <not-affected> (windows only) + - xulrunner <not-affected> (windows only) + - iceape <not-affected> (windows only) + - firefox <not-affected> (windows only) + - mozilla <not-affected> (windows only) + - mozilla-firefox <not-affected> (windows only) + - mozilla-thunderbird <not-affected> (windows only) + - thunderbird <not-affected> (windows only) +CVE-2006-6499 [Crashes with evidence of memory corruption] RESERVED -CVE-2006-6498 + NOTE: MFSA-2006-68 + - iceweasel <unfixed> (high) + - xulrunner <unfixed> (high) + - iceape <unfixed> (high) + - firefox <removed> (high) + - mozilla <removed> (high) + - mozilla-firefox <removed> (high) + - mozilla-thunderbird <removed> (low) + - thunderbird <removed> (low) +CVE-2006-6498 [Crashes with evidence of memory corruption] RESERVED -CVE-2006-6497 + NOTE: MFSA-2006-68 + - iceweasel <unfixed> (high) + - xulrunner <unfixed> (high) + - iceape <unfixed> (high) + - firefox <removed> (high) + - mozilla <removed> (high) + - mozilla-firefox <removed> (high) + - mozilla-thunderbird <removed> (low) + - thunderbird <removed> (low) +CVE-2006-6497 [Crashes with evidence of memory corruption] RESERVED + NOTE: MFSA-2006-68 + - iceweasel <unfixed> (medium) + - xulrunner <unfixed> (medium) + - iceape <unfixed> (medium) + - firefox <removed> (medium) + - mozilla <removed> (medium) + - mozilla-firefox <removed> (medium) + - mozilla-thunderbird <removed> (low) + - thunderbird <removed> (low) CVE-2006-6496 (The (1) VetMONNT.sys and (2) VetFDDNT.sys drivers in CA Anti-Virus ...) NOT-FOR-US: CA Anti-Virus CVE-2006-6495 (Stack-based buffer overflow in ld.so.1 in Sun Solaris 8, 9, and 10 ...) 
@@ -1762,13 +1844,15 @@ CVE-2006-5748 (Multiple unspecified vulnerabilities in the JavaScript engine in ...) {DSA-1227-1 DSA-1225-1 DSA-1224-1} NOTE: MFSA-2006-65 - - firefox <unfixed> (high) + - firefox <removed> (high) + - iceweasel 2.0+dfsg-1 (high) - icedove 1.5.0.8-1 (medium) - mozilla <unfixed> (high) - xulrunner 1.8.0.8-1 (high) CVE-2006-5747 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, ...) NOTE: MFSA-2006-65 - - firefox <unfixed> (high) + - firefox <removed> (high) + - iceweasel 2.0+dfsg-1 (high) - icedove 1.5.0.8-1 (medium) - mozilla <unfixed> (medium) [sarge] - mozilla <not-affected> (Vulnerable code not present) @@ -2009,7 +2093,8 @@ CVE-2006-5634 (Multile PHP remote file inclusion vulnerabilities in phpProfiles 2.1 ...) NOT-FOR-US: phpProfiles CVE-2006-5633 (Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers ...) - - firefox <unfixed> (unimportant) + - firefox <removed> (unimportant) + - iceweasel <unfixed> (unimportant) - icedove <unfixed> (unimportant) - mozilla <unfixed> (unimportant) - xulrunner <unfixed> (unimportant) @@ -2379,14 +2464,16 @@ CVE-2006-5464 (Multiple unspecified vulnerabilities in the layout engine in Mozilla ...) {DSA-1227-1 DSA-1225-1 DSA-1224-1} NOTE: MFSA-2006-65 - - firefox <unfixed> (low) + - firefox <removed> (low) + - iceweasel 2.0+dfsg-1 (low) - icedove 1.5.0.8-1 (low) - mozilla <unfixed> (low) - xulrunner 1.8.0.8-1 (low) CVE-2006-5463 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, ...) {DSA-1227-1 DSA-1225-1 DSA-1224-1} NOTE: MFSA-2006-67 - - firefox <unfixed> (high) + - firefox <removed> (high) + - iceweasel 2.0+dfsg-1 (high) - icedove 1.5.0.8-1 (medium) - mozilla <unfixed> (high) - xulrunner 1.8.0.8-1 (high) 
@@ -2395,7 +2482,8 @@ NOTE: MFSA-2006-66 NOTE: this is the similar to CVE-2006-4339, see also CVE-2006-4340 NOTE: the fixes for CVE-2006-4340 were incomplete - - firefox <unfixed> (high) + - firefox <removed> (high) + - iceweasel 2.0+dfsg-1 (high) - icedove 1.5.0.8-1 (medium) - mozilla <unfixed> (high) - xulrunner 1.8.0.8-1 (high) @@ -4957,7 +5045,8 @@ NOT-FOR-US: Sonium Enterprise Adressbook CVE-2006-4310 (Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of ...) {DSA-1227-1 DSA-1225-1 DSA-1224-1} - - firefox <unfixed> + - firefox <removed> + - iceweasel <unfixed> - mozilla <unfixed> - mozilla-firefox <unfixed> - xulrunner 1.8.0.8-1 @@ -8608,7 +8697,8 @@ CVE-2006-2724 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.11 allows remote ...) NOT-FOR-US: PunBB CVE-2006-2723 (Unspecified versions of Mozilla Firefox allow remote attackers to ...) - - firefox <unfixed> (unimportant) + - firefox <removed> (unimportant) + - iceweasel <unfixed> (unimportant) - mozilla <unfixed> (unimportant) - mozilla-firefox <unfixed> (unimportant) - xulrunner <unfixed> (unimportant) @@ -13986,7 +14076,8 @@ CVE-2006-0497 (Multiple SQL injection vulnerabilities in PHP GEN before 1.4 allow ...) NOT-FOR-US: PHP GEN CVE-2006-0496 (Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and ...) - - firefox <unfixed> (bug #349339) + - firefox <removed> (bug #349339) + - iceweasel <unfixed> (bug #349339) NOTE: mozilla-firefox is now a dummy package, so not vulnerable any more - mozilla-firefox 1.5.dfsg+1.5.0.3-2 (bug #349339) - mozilla <unfixed> @@ -14097,7 +14188,8 @@ NOT-FOR-US: PunBB CVE-2005-4685 (Firefox and Mozilla can associate a cookie with multiple domains when ...) NOTE: see CVE-2005-4684 - - firefox <unfixed> (unimportant) + - firefox <removed> (unimportant) + - iceweasel <unfixed> (unimportant) - mozilla <unfixed> (unimportant) [sarge] - mozilla <no-dsa> (Hardly exploitable) - xulrunner <unfixed> (unimportant) 
@@ -21876,7 +21968,8 @@ CVE-2005-2396 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.4.6 and ...) - mediawiki 1.4.9 (bug #276057) CVE-2005-2395 (Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the ...) - - firefox <unfixed> (bug #320539; unimportant) + - firefox <removed> (bug #320539; unimportant) + - iceweasel <unfixed> (bug #320539; unimportant) - mozilla-firefox 1.4.99+1.5rc3.dfsg-2 (bug #320539; unimportant) - mozilla <unfixed> (bug #320538; unimportant) NOTE: Firefox and Mozilla follow RFC behaviour. This is more a lack of security @@ -29267,7 +29360,8 @@ NOTE: hard disc, well than you have "DoSed" yourself, congratulations. NOTE: It''s reproducable with 1.0.2, but I doubt it will ever be "fixed", as HTML parsers NOTE: generally try to make sense of anything even remotely resembling HTML. - - firefox <unfixed> (unimportant) + - firefox <removed> (unimportant) + - iceweasel <unfixed> (unimportant) - mozilla <unfixed> (unimportant) CVE-2004-1638 (Buffer overflow in MailCarrier 2.51 allows remote attackers to execute ...) NOT-FOR-US: mailcarrier
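Review bot: In the @@ -149,28 +149,110 @@ hunk, the three MFSA-2006-68 entries (CVE-2006-6499, CVE-2006-6498, CVE-2006-6497) mark mozilla-thunderbird and thunderbird as <removed> (low) but have no icedove line, whereas CVE-2006-6502 and CVE-2006-6501 in the same hunk add "- icedove <unfixed> (low)". That leaves icedove untracked for those three CVEs. Either add the icedove line or add a NOTE saying why it is not affected. The <not-affected> list for CVE-2006-6500 likewise names mozilla-thunderbird and thunderbird but not icedove. CVE-2006-6507 and CVE-2006-6506 list only iceweasel, xulrunner and iceape, without the firefox, mozilla and mozilla-firefox <removed> lines that CVE-2006-6504 through CVE-2006-6501 carry, so the history for the removed packages is inconsistent between entries from the same advisory batch. Two small text fixes: "escallation" in the CVE-2006-6501 description should be "escalation", and "[ RSS Feed-preview referrer leak]" has a stray space after the bracket.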
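Review bot: In the @@ -1762,13 +1844,15 @@ hunk (the same pattern recurs at @@ -2379,14 +2464,16 @@ and @@ -2395,7 +2482,8 @@), the added line is "- iceweasel 2.0+dfsg-1 (high)", a fixed version, while the log message only says "converted unfixed firefox issues to iceweasel". Please add a NOTE giving the basis for 2.0+dfsg-1 as the fixed version, or mention in the log that these entries are being marked fixed, so a later reader can tell this from a mechanical rename. The unchanged "- mozilla <unfixed>" lines in these entries also now disagree with the first hunk, where mozilla is recorded as <removed>. If the package is gone, converting these in the same commit would keep the file consistent.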
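Review bot: In the @@ -4957,7 +5045,8 @@ hunk, CVE-2006-4310 gets "- iceweasel <unfixed>", although the entry carries {DSA-1227-1 DSA-1225-1 DSA-1224-1}, records xulrunner as fixed in 1.8.0.8-1, and its description names Firefox 1.5.0.6. The other entries with the same DSA set in this patch record iceweasel as fixed in 2.0+dfsg-1. Please check whether this one should carry a version as well, or add a NOTE explaining why iceweasel remains open here. The entry also keeps "- mozilla-firefox <unfixed>", which conflicts with the first hunk (mozilla-firefox <removed>) and with the NOTE under CVE-2006-0496 that mozilla-firefox is now a dummy package.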