add advisory for mozilla, created with dtsa script but then hand-cleaned up

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@1703 e39458fd-73e7-0310-bf30-c45bca0a0e42
author: Joey Hess <joeyh@debian.org> 2005-08-28 19:44:10 +0000
committer: Joey Hess <joeyh@debian.org> 2005-08-28 19:44:10 +0000
commit: 9cdf9d3fdc602fb05b8951fb97963ce8f005e2d1 (patch)
tree: a8078337c48ce9a7796f8a5df9e6edfd46ae8934 /data/DTSA/advs
parent: d36d819c8b6dc71c40be5e1a2211bcebb76e34ae (diff)
1 files changed, 18 insertions, 0 deletions
diff --git a/data/DTSA/advs/7-mozilla.adv b/data/DTSA/advs/7-mozilla.adv
new file mode 100644
index 0000000000..87cd96ccc0
--- /dev/null
+++ b/data/DTSA/advs/7-mozilla.adv
@@ -0,0 +1,18 @@
+dtsa: DTSA-7-1
+source: mozilla
+date: August 28th, 2005
+author: Joey Hess
+vuln-type: frame injection spoofing
+problem-scope: remote
+debian-specific: no
+cve: CAN-2004-0718 CAN-2005-1937
+testing-fix: 2:1.7.8-1sarge1
+sid-fix: 2:1.7.10-1
+
+A vulnerability has been discovered in Mozilla that allows remote attackers
+to inject arbitrary Javascript from one page into the frameset of another
+site. Thunderbird is not affected by this and Galeon will be automatically
+fixed as it uses Mozilla components. Mozilla Firefox is vulnerable and will
+be covered by a separate advisory.
+
+Note that this is the same security fix put into stable in DSA-777.
author	Joey Hess <joeyh@debian.org>	2005-08-28 19:44:10 +0000
committer	Joey Hess <joeyh@debian.org>	2005-08-28 19:44:10 +0000
commit	9cdf9d3fdc602fb05b8951fb97963ce8f005e2d1 (patch)
tree	a8078337c48ce9a7796f8a5df9e6edfd46ae8934 /data/DTSA/advs
parent	d36d819c8b6dc71c40be5e1a2211bcebb76e34ae (diff)