author Joey Hess <joeyh@debian.org> 2005-08-28 19:52:53 +0000
committer Joey Hess <joeyh@debian.org> 2005-08-28 19:52:53 +0000
commit 0be31d2bc96436a62e7438070502634324138400 (patch)
tree 0b21035b8f3b8cdce26c9e3e14d7eb1c62b6f7c8 /data/DTSA/advs
parent 9cdf9d3fdc602fb05b8951fb97963ce8f005e2d1 (diff)
and firefox..
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@1704 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/DTSA/advs')
-rw-r--r-- data/DTSA/advs/8-mozilla-firefox.adv 78
1 files changed, 78 insertions, 0 deletions
diff --git a/data/DTSA/advs/8-mozilla-firefox.adv b/data/DTSA/advs/8-mozilla-firefox.adv
new file mode 100644
index 0000000000..5fef0a6e4e
--- /dev/null
+++ b/data/DTSA/advs/8-mozilla-firefox.adv
@@ -0,0 +1,78 @@
+dtsa: DTSA-8-1
+source: mozilla-firefox
+date: August 28th, 2005
+author: Joey Hess
+vuln-type: several vulnerabilities
+problem-scope: remote
+debian-specific: no
+cve: CAN-2004-0718 CAN-2005-1937 CAN-2005-2260 CAN-2005-2261 CAN-2005-2262 CAN-2005-2263 CAN-2005-2264 CAN-2005-2265 CAN-2005-2266 CAN-2005-2267 CAN-2005-2268 CAN-2005-2269 CAN-2005-2270
+testing-fix: 1.0.4-2sarge2
+sid-fix: 1.0.6-3
+
+Several problems were discovered in Mozilla Firefox:
+
+CAN-2004-0718 CAN-2005-1937
+
+ A vulnerability has been discovered in Mozilla Firefox that allows remote
+ attackers to inject arbitrary Javascript from one page into the frameset of
+ another site.
+
+CAN-2005-2260
+
+ The browser user interface does not properly distinguish between
+ user-generated events and untrusted synthetic events, which makes it easier
+ for remote attackers to perform dangerous actions that normally could only be
+ performed manually by the user.
+
+CAN-2005-2261
+
+ XML scripts ran even when Javascript disabled.
+
+CAN-2005-2262
+
+ The user can be tricked to executing arbitrary JavaScript code by using a
+ JavaScript URL as wallpaper.
+
+CAN-2005-2263
+
+ It is possible for a remote attacker to execute a callback function in the
+ context of another domain (i.e. frame).
+
+CAN-2005-2264
+
+ By opening a malicious link in the sidebar it is possible for remote
+ attackers to steal sensitive information.
+
+CAN-2005-2265
+
+ Missing input sanitising of InstallVersion.compareTo() can cause the
+ application to crash.
+
+CAN-2005-2266
+
+ Remote attackers could steal sensitive information such as cookies and
+ passwords from web sites by accessing data in alien frames.
+
+CAN-2005-2267
+
+ By using standalone applications such as Flash and QuickTime to open a
+ javascript: URL, it is possible for a remote attacker to steal sensitive
+ information and possibly execute arbitrary code.
+
+CAN-2005-2268
+
+ It is possible for a Javascript dialog box to spoof a dialog box from a
+ trusted site and facilitates phishing attacks.
+
+CAN-2005-2269
+
+ Remote attackers could modify certain tag properties of DOM nodes that could
+ lead to the execution of arbitrary script or code.
+
+CAN-2005-2270
+
+ The Mozilla browser family does not properly clone base objects, which allows
+ remote attackers to execute arbitrary code.
+
+Note that this is the same set of security fixes put into stable in
+DSA-775 and DSA-779.
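Review bot: The CAN-2005-2261 entry ("XML scripts ran even when Javascript disabled.") is missing a verb and is in the past tense while every other entry uses the present; suggest "XML scripts run even when JavaScript is disabled." Two more wording fixes in the same pass: under CAN-2005-2262, "tricked to executing" should be "tricked into executing", and under CAN-2005-2268, "and facilitates phishing attacks" has no matching subject, so "which facilitates phishing attacks" reads correctly. The spelling also alternates between "Javascript" (first entry, CAN-2005-2261, CAN-2005-2268) and "JavaScript" (CAN-2005-2262); pick one. The first entry lists CAN-2004-0718 and CAN-2005-1937 under a single description without saying how the two relate, so a short clause explaining why both ids apply to the frame injection issue would help readers matching ids against the cve: header. The closing note names DSA-775 and DSA-779 without saying which source package each covers; stating that would let a reader confirm the testing-fix version against the right stable advisory.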
