Author: fw Date: 2009-09-09 18:34:09 +0000 (Wed, 09 Sep 2009) New Revision: 12775 Modified: data/CVE/list Log: Open redirectors are web site issues, not browser bugs Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-09-09 17:15:17 UTC (rev 12774) +++ data/CVE/list 2009-09-09 18:34:09 UTC (rev 12775) @@ -249,19 +249,20 @@ CVE-2009-3016 (Apple Safari 4.0.3 does not properly block javascript: and data: URIs ...) NOT-FOR-US: Apple Safari CVE-2009-3015 (QtWeb 3.0 Builds 001 and 003 does not properly block javascript: and ...) - TODO: check - NOTE: I am not sure if this is even a security issue, sure that is javascript executed in - NOTE: the content of the browser but I''m not sure if anything _cross-site_ works as well + NOTE: This is a web site issue (open redirector), not a browser problem. CVE-2009-3014 (Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; ...) - TODO: check + NOTE: This is a web site issue (open redirector), not a browser problem. + - iceweasel <unfixed> (unimportant) CVE-2009-3013 (Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not properly ...) NOT-FOR-US: Opera CVE-2009-3012 (Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre ...) - TODO: check + NOTE: This is a web site issue (open redirector), not a browser problem. CVE-2009-3011 (Google Chrome 1.0.154.48 and earlier, 2.0.172.28, 2.0.172.37, and ...) - - chromium-browser <itp> (bug #520324) + - chromium-browser <itp> (bug #520324; unimportant) + NOTE: This is a web site issue (open redirector), not a browser problem. CVE-2009-3010 (Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; ...) - TODO: check + NOTE: This is a web site issue (open redirector), not a browser problem. + - iceweasel <unfixed> (unimportant) CVE-2009-3009 RESERVED CVE-2009-3008 (K-Meleon 1.5.3 allows context-dependent attackers to spoof the address ...)