diff options
| author | Joey Hess <joeyh@debian.org> | 2005-10-19 23:10:21 +0000 |
|---|---|---|
| committer | Joey Hess <joeyh@debian.org> | 2005-10-19 23:10:21 +0000 |
| commit | 20cd29d934ef16cee0a9d683f5ac4233739c1a12 (patch) | |
| tree | 0a755eecca326176394c24227671bdb9c379403c /data/DTSA/advs/14-mozilla.adv | |
| parent | 42d226f0d20fb9aaf7c03c81e97c4a5d25e35e70 (diff) | |
update references to CANs to be CVEs and complete CVE transition
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@2462 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/DTSA/advs/14-mozilla.adv')
| -rw-r--r-- | data/DTSA/advs/14-mozilla.adv | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/data/DTSA/advs/14-mozilla.adv b/data/DTSA/advs/14-mozilla.adv index 64f65a2bc9..c059327f4a 100644 --- a/data/DTSA/advs/14-mozilla.adv +++ b/data/DTSA/advs/14-mozilla.adv @@ -4,7 +4,7 @@ author: Joey Hess vuln-type: several problem-scope: remote debian-specifc: no -cve: CAN-2004-0718 CAN-2005-1937 CAN-2005-2260 CAN-2005-2261 CAN-2005-2263 CAN-2005-2265 CAN-2005-2266 CAN-2005-2268 CAN-2005-2269 CAN-2005-2270 +cve: CVE-2004-0718 CVE-2005-1937 CVE-2005-2260 CVE-2005-2261 CVE-2005-2263 CVE-2005-2265 CVE-2005-2266 CVE-2005-2268 CVE-2005-2269 CVE-2005-2270 testing-fix: 2:1.7.8-1sarge2 sid-fix: 2:1.7.10-1 upgrade: apt-get install mozilla @@ -15,49 +15,49 @@ basically version 1.7.10 with the version number rolled back, and hence still named 1.7.8. The Common Vulnerabilities and Exposures project identifies the following problems: -CAN-2004-0718, CAN-2005-1937 +CVE-2004-0718, CVE-2005-1937 A vulnerability has been discovered in Mozilla that allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site. -CAN-2005-2260 +CVE-2005-2260 The browser user interface does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally could only be performed manually by the user. -CAN-2005-2261 +CVE-2005-2261 XML scripts ran even when Javascript disabled. -CAN-2005-2263 +CVE-2005-2263 It is possible for a remote attacker to execute a callback function in the context of another domain (i.e. frame). -CAN-2005-2265 +CVE-2005-2265 Missing input sanitising of InstallVersion.compareTo() can cause the application to crash. -CAN-2005-2266 +CVE-2005-2266 Remote attackers could steal sensitive information such as cookies and passwords from web sites by accessing data in alien frames. -CAN-2005-2268 +CVE-2005-2268 It is possible for a Javascript dialog box to spoof a dialog box from a trusted site and facilitates phishing attacks. -CAN-2005-2269 +CVE-2005-2269 Remote attackers could modify certain tag properties of DOM nodes that could lead to the execution of arbitrary script or code. -CAN-2005-2270 +CVE-2005-2270 The Mozilla browser family does not properly clone base objects, which allows remote attackers to execute arbitrary code. |