1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
|
source: xxx
date: Bloptember 99th, 1990
author: xxx
vuln-type: multiple
problem-scope: remote/local
debian-specifc: yes/no
cve: CAN-2005-2968, CAN-2005-2266, CAN-2005-2265, CAN-2005-2261, CAN-2005-1532, CAN-2005-1160, CAN-2005-1159, CAN-2005-0989
vendor-advisory:
testing-fix: xxx
sid-fix: xxx
upgrade: apt-get install xxx
xxx multiline description here
CAN-2005-2968
Thunderbird incorrectly escapes commands in input, fed to it through
the --compose option, which could lead to execution of arbitrary
shell commands.
CAN-2005-2266
Child frames may access parental frames, even if these are in
different access domains and may lead to information leakage of
cookies or pass words.
CAN-2005-2265
Incorrect type checks in InstallVersion.compareTo may lead to a
denial-of-service attack or possibly execution of arbitrary code.
CAN-2005-2261
XBL scripts are even run, if Javascript has been disabled.
CAN-2005-1532
Javascript is inproperly limits its privileges to the calling
context, which could lead to "non-DOM privilege override".
CAN-2005-1160
Overriding properties/methods of DOM nodes could lead to execution
of code with extended "chrome" privileges.
CAN-2005-1159
Native function implementations are not verified, causing Javascript
execution at improper memory addresses allowing denial of service and
potentially arbitrary code execution
CAN-2005-0989
The find_replen function in the Javascript engine allows remote
attackers to read portions of heap memory in a Javascript string via
the lambda replace method.
|
