[Secure-testing-commits] r1956 - data/DTSA/advs
Joey Hess
joeyh at costa.debian.org
Tue Sep 13 18:10:05 UTC 2005
Author: joeyh
Date: 2005-09-13 18:10:04 +0000 (Tue, 13 Sep 2005)
New Revision: 1956
Added:
data/DTSA/advs/14-mozilla.adv
Removed:
data/DTSA/advs/18-mozilla.adv
Log:
changed adv number
Copied: data/DTSA/advs/14-mozilla.adv (from rev 1952, data/DTSA/advs/18-mozilla.adv)
Deleted: data/DTSA/advs/18-mozilla.adv
===================================================================
--- data/DTSA/advs/18-mozilla.adv 2005-09-13 18:04:27 UTC (rev 1955)
+++ data/DTSA/advs/18-mozilla.adv 2005-09-13 18:10:04 UTC (rev 1956)
@@ -1,65 +0,0 @@
-source: mozilla
-date: September 13th, 2005
-author: Joey Hess
-vuln-type: several
-problem-scope: remote
-debian-specifc: no
-cve: CAN-2004-0718 CAN-2005-1937 CAN-2005-2260 CAN-2005-2261 CAN-2005-2263 CAN-2005-2265 CAN-2005-2266 CAN-2005-2268 CAN-2005-2269 CAN-2005-2270
-testing-fix: 1.7.8-1sarge2
-sid-fix: 1.7.10-1
-upgrade: apt-get install mozilla
-
-Several problems have been discovered in Mozilla. Since the usual praxis of
-backporting apparently does not work for this package, this update is
-basically version 1.7.10 with the version number rolled back, and hence still
-named 1.7.8. The Common Vulnerabilities and Exposures project identifies the
-following problems:
-
-CAN-2004-0718, CAN-2005-1937
-
- A vulnerability has been discovered in Mozilla that allows remote
- attackers to inject arbitrary Javascript from one page into the
- frameset of another site.
-
-CAN-2005-2260
-
- The browser user interface does not properly distinguish between
- user-generated events and untrusted synthetic events, which makes
- it easier for remote attackers to perform dangerous actions that
- normally could only be performed manually by the user.
-
-CAN-2005-2261
-
- XML scripts ran even when Javascript disabled.
-
-CAN-2005-2263
-
- It is possible for a remote attacker to execute a callback
- function in the context of another domain (i.e. frame).
-
-CAN-2005-2265
-
- Missing input sanitising of InstallVersion.compareTo() can cause
- the application to crash.
-
-CAN-2005-2266
-
- Remote attackers could steal sensitive information such as cookies
- and passwords from web sites by accessing data in alien frames.
-
-CAN-2005-2268
-
- It is possible for a Javascript dialog box to spoof a dialog box
- from a trusted site and facilitates phishing attacks.
-
-CAN-2005-2269
-
- Remote attackers could modify certain tag properties of DOM nodes
- that could lead to the execution of arbitrary script or code.
-
-CAN-2005-2270
-
- The Mozilla browser family does not properly clone base objects,
- which allows remote attackers to execute arbitrary code.
-
-Note that this is the same update contained in DSA-810-1 for Debian stable.
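Review bot: the header key on the `-debian-specifc: no` line is misspelled (`specifc`), and since 14-mozilla.adv is created as a copy of this file, the typo is likely carried over to the renumbered advisory. If the tooling that reads the .adv headers expects `debian-specific`, the field would be silently ignored, so it is worth correcting in 14-mozilla.adv. Separately, the copy is taken from rev 1952 while the deletion is against rev 1955; please confirm that nothing committed to 18-mozilla.adv in between is lost. The log message `changed adv number` could also say why 18 became 14.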