diff options
author | Joey Hess <joeyh@debian.org> | 2005-08-28 19:44:10 +0000 |
---|---|---|
committer | Joey Hess <joeyh@debian.org> | 2005-08-28 19:44:10 +0000 |
commit | 9cdf9d3fdc602fb05b8951fb97963ce8f005e2d1 (patch) | |
tree | a8078337c48ce9a7796f8a5df9e6edfd46ae8934 /data/DTSA/advs | |
parent | d36d819c8b6dc71c40be5e1a2211bcebb76e34ae (diff) |
add advisory for mozilla, created with dtsa script but then hand-cleaned up
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@1703 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/DTSA/advs')
-rw-r--r-- | data/DTSA/advs/7-mozilla.adv | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/data/DTSA/advs/7-mozilla.adv b/data/DTSA/advs/7-mozilla.adv new file mode 100644 index 0000000000..87cd96ccc0 --- /dev/null +++ b/data/DTSA/advs/7-mozilla.adv @@ -0,0 +1,18 @@ +dtsa: DTSA-7-1 +source: mozilla +date: August 28th, 2005 +author: Joey Hess +vuln-type: frame injection spoofing +problem-scope: remote +debian-specific: no +cve: CAN-2004-0718 CAN-2005-1937 +testing-fix: 2:1.7.8-1sarge1 +sid-fix: 2:1.7.10-1 + +A vulnerability has been discovered in Mozilla that allows remote attackers +to inject arbitrary Javascript from one page into the frameset of another +site. Thunderbird is not affected by this and Galeon will be automatically +fixed as it uses Mozilla components. Mozilla Firefox is vulnerable and will +be covered by a separate advisory. + +Note that this is the same security fix put into stable in DSA-777. |