Author: jmm-guest
Date: 2009-04-22 21:42:00 +0000 (Wed, 22 Apr 2009)
New Revision: 11695
Modified: data/CVE/list
Log: new mozilla issues

Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-04-22 21:14:14 UTC (rev 11694) +++ data/CVE/list 2009-04-22 21:42:00 UTC (rev 11695) 
@@ -136,28 +136,50 @@ NOT-FOR-US: Web File Explorer CVE-2009-1313 RESERVED -CVE-2009-1312 +CVE-2009-1312 [MFSA 2009-22: Firefox allows Refresh header to redirect to javascript: URIs] RESERVED -CVE-2009-1311 + - xulrunner 1.9.0.9-1 + [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) +CVE-2009-1311 [MFSA 2009-21: POST data sent to wrong site when saving web page with embedded frame] RESERVED -CVE-2009-1310 + - xulrunner 1.9.0.9-1 + [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) +CVE-2009-1310 [MFSA 2009-22: Firefox allows Refresh header to redirect to javascript: URIs] RESERVED -CVE-2009-1309 + - iceweasel 3.0.9-1 + [etch] - iceweasel <no-dsa> (Mozilla packages from oldstable no longer covered by security support) +CVE-2009-1309 [MFSA 2009-19: Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString] RESERVED -CVE-2009-1308 + - xulrunner 1.9.0.9-1 + [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) +CVE-2009-1308 [MFSA 2009-18: XSS hazard using third-party stylesheets and XBL bindings] RESERVED -CVE-2009-1307 + - xulrunner 1.9.0.9-1 + [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) +CVE-2009-1307 [MFSA 2009-17: Same-origin violations when Adobe Flash loaded via view-source: scheme] RESERVED -CVE-2009-1306 + - xulrunner 1.9.0.9-1 + [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) +CVE-2009-1306 [MFSA 2009-16: jar: scheme ignores the content-disposition: header on the inner URI] RESERVED -CVE-2009-1305 + - xulrunner 1.9.0.9-1 + [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) +CVE-2009-1305 [Firefox crashes with evidence of memory corruption] RESERVED -CVE-2009-1304 + - xulrunner 1.9.0.9-1 + [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no 
longer covered by security support) +CVE-2009-1304 [Firefox crashes with evidence of memory corruption] RESERVED -CVE-2009-1303 + - xulrunner 1.9.0.9-1 + [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) +CVE-2009-1303 [Firefox crashes with evidence of memory corruption] RESERVED -CVE-2009-1302 + - xulrunner 1.9.0.9-1 + [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) +CVE-2009-1302 [Firefox crashes with evidence of memory corruption] RESERVED + - xulrunner 1.9.0.9-1 + [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) CVE-2009-1301 (Integer signedness error in the store_id3_text function in the ID3v2 ...) - mpg123 1.7.2-1 (low) NOTE: http://secunia.com/advisories/34587/3/ @@ -2637,9 +2659,8 @@ CVE-2009-0653 (OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an ...) - openssl 0.9.8-1 (bug #517791) CVE-2009-0652 (Mozilla Firefox 3.0.6 does not properly prevent the literal rendering ...) - - iceape <unfixed> - - xulrunner <unfixed> - - iceweasel <unfixed> + - xulrunner 1.9.0.9-1 + [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) CVE-2009-0651 (Unspecified vulnerability in the Veritas network daemon (aka vnetd) in ...) NOT-FOR-US: Veritas network daemon CVE-2009-0650 (Stack-based buffer overflow in the GetStatsFromLine function in TPTEST ...)
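
Review bot: In the first hunk (@@ -136,28 +136,50 @@), CVE-2009-1310 carries the same bracketed title as CVE-2009-1312, "MFSA 2009-22: Firefox allows Refresh header to redirect to javascript: URIs", which looks like a copy-paste slip. The advisory numbers in this hunk run 16, 17, 18, 19, 21, 22 with 20 missing, and CVE-2009-1310 is the only entry here tracked against iceweasel rather than xulrunner. Please check the title against the Mozilla advisory and correct it. The four "Firefox crashes with evidence of memory corruption" entries (CVE-2009-1302 to CVE-2009-1305) also omit the MFSA number that the other titles carry; adding it would keep the entries consistent.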
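
Review bot: In the second hunk (@@ -2637,9 +2659,8 @@), the CVE-2009-0652 entry loses its "- iceape <unfixed>" and "- iceweasel <unfixed>" lines while only xulrunner is marked fixed in 1.9.0.9-1, so those two source packages drop out of the tracker for this CVE with no recorded reason. If they are covered by the xulrunner fix, a NOTE: line saying so would make that explicit; if either ships its own copy of the affected code, its line should stay until a fixed version is known.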