[Secure-testing-commits] r3804 - data/CVE
Florian Weimer
fw at costa.debian.org
Fri Apr 14 12:17:11 UTC 2006
Author: fw
Date: 2006-04-14 12:16:48 +0000 (Fri, 14 Apr 2006)
New Revision: 3804
Modified:
data/CVE/list
Log:
CVE-2006-1731, CVE-2006-1730, CVE-2006-1729, CVE-2006-1728,
CVE-2006-1727, CVE-2006-1726, CVE-2006-1725, CVE-2006-1724,
CVE-2006-1723, CVE-2006-1531, CVE-2006-1530, CVE-2006-1529:
new Mozilla bugs
(More to come, this commit intends to prevent duplicate work.)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-04-14 10:01:15 UTC (rev 3803)
+++ data/CVE/list 2006-04-14 12:16:48 UTC (rev 3804)
@@ -114,23 +114,61 @@
CVE-2006-1732 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...)
TODO: check
CVE-2006-1731 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
- TODO: check
+ - firefox <unfixed> (medium)
+ - mozilla-firefox <unfixed> (medium)
+ - mozilla-browser <unfixed> (medium)
+ - thunderbird <unfixed> (low)
+ - mozilla-thunderbird <unfixed> (low)
CVE-2006-1730 (Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 ...)
- TODO: check
+ - firefox <unfixed> (high)
+ - mozilla-firefox <unfixed> (high)
+ - mozilla-browser <unfixed> (high)
+ - thunderbird <unfixed> (medium)
+ - mozilla-thunderbird <unfixed> (medium)
+ NOTE: MFSA2006-22 says that it is not clear whether Thunderbird is
+ NOTE: exploitable in the default configuration.
CVE-2006-1729 (Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla ...)
- TODO: check
+ - firefox <unfixed> (medium)
+ - mozilla-firefox <unfixed> (medium)
+ - mozilla-browser <unfixed> (medium)
+ NOTE: Can likely be used to steal OpenSSH keys and the like.
CVE-2006-1728 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...)
- TODO: check
+ - firefox <unfixed> (high)
+ - mozilla-firefox <unfixed> (high)
+ - mozilla-browser <unfixed> (high)
+ - thunderbird <unfixed> (medium)
+ - mozilla-thunderbird <unfixed> (medium)
CVE-2006-1727 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...)
- TODO: check
+ - firefox <unfixed> (medium)
+ - mozilla-firefox <unfixed> (medium)
+ - mozilla-browser <unfixed> (medium)
+ - thunderbird <unfixed> (medium)
+ - mozilla-thunderbird <unfixed> (medium)
+ NOTE: If print preview (and this bug) can be triggered from JavaScript,
+ NOTE: the urgency should probably be raised.
CVE-2006-1726 (Unspecified vulnerability in Firefox and Thunderbird 1.5 before ...)
- TODO: check
+ - firefox <unfixed> (high)
+ - thunderbird <unfixed> (medium)
+ NOTE: New bug in Firefox 1.5.
CVE-2006-1725 (Mozilla Firefox 1.5 before 1.5.0.2 and SeaMonkey before 1.0.1 causes ...)
- TODO: check
+ - firefox <unfixed> (low)
+ NOTE: New bug in Firefox 1.5.
CVE-2006-1724 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...)
- TODO: check
+ - firefox <unfixed> (medium)
+ - mozilla-firefox <unfixed> (medium)
+ - mozilla-browser <unfixed> (medium)
+ - thunderbird <unfixed> (low)
+ - mozilla-thunderbird <unfixed> (low)
+ NOTE: MFSA2006-20 says exploitability has not been confirmed.
+ NOTE: Thunderbird is potentially affected as well, but not in the
+ NOTE: default configuration.
CVE-2006-1723 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...)
- TODO: check
+ - firefox <unfixed> (medium)
+ - mozilla-firefox <unfixed> (medium)
+ - mozilla-browser <unfixed> (medium)
+ - thunderbird <unfixed> (low)
+ - mozilla-thunderbird <unfixed> (low)
+ NOTE: This is probably: https://bugzilla.mozilla.org/show_bug.cgi?id=320459
CVE-2006-1722 (Cross-site scripting (XSS) vulnerability in suche.htm in ShopXS 4.0 ...)
TODO: check
CVE-2006-1721 (Unspecified vulnerability in the CMU Cyrus Simple Authentication and ...)
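Review bot: CVE-2006-1726 and CVE-2006-1725 list only `firefox` (plus `thunderbird` for 1726) and leave it to the NOTE "New bug in Firefox 1.5." to explain why the older packages are absent. The second hunk of this commit records the same situation explicitly, with lines such as `- mozilla-firefox <not-affected> (pre-1.5 version not vulnerable)`. Suggest using that form here as well, so the older packages show as checked rather than missing. Separately, CVE-2006-1729 carries the NOTE "Can likely be used to steal OpenSSH keys and the like." but is rated medium; either raise the urgency or add a NOTE saying why medium is enough.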
@@ -615,11 +653,29 @@
CVE-2006-1532 (Cross-site scripting (XSS) vulnerability in search.php in PHP ...)
NOT-FOR-US: PHP Classifieds
CVE-2006-1531 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...)
- TODO: check
+ - firefox <unfixed> (medium)
+ - mozilla-firefox <not-affected> (pre-1.5 version not vulnerable)
+ - thunderbird <unfixed> (low)
+ - mozilla-thunderbird <not-affected> (pre-1.5 version not vulnerable)
+ NOTE: MFSA2006-20 says exploitability has not been confirmed.
+ NOTE: Thunderbird is potentially affected as well, but not in the
+ NOTE: default configuration.
CVE-2006-1530 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...)
- TODO: check
+ - firefox <unfixed> (medium)
+ - mozilla-firefox <not-affected> (pre-1.5 version not vulnerable)
+ - thunderbird <unfixed> (low)
+ - mozilla-thunderbird <not-affected> (pre-1.5 version not vulnerable)
+ NOTE: MFSA2006-20 says exploitability has not been confirmed.
+ NOTE: Thunderbird is potentially affected as well, but not in the
+ NOTE: default configuration.
CVE-2006-1529 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...)
- TODO: check
+ - firefox <unfixed> (medium)
+ - mozilla-firefox <not-affected> (pre-1.5 version not vulnerable)
+ - thunderbird <unfixed> (low)
+ - mozilla-thunderbird <not-affected> (pre-1.5 version not vulnerable)
+ NOTE: MFSA2006-20 says exploitability has not been confirmed.
+ NOTE: Thunderbird is potentially affected as well, but not in the
+ NOTE: default configuration.
CVE-2006-1528
RESERVED
CVE-2006-1527
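Review bot: the `<not-affected>` lines for `mozilla-firefox` and `mozilla-thunderbird` under CVE-2006-1531, CVE-2006-1530 and CVE-2006-1529 give "pre-1.5 version not vulnerable" as the reason, but the visible descriptions read "Firefox and Thunderbird before 1.5.0.2", which on its face includes the 1.0.x packages, and no NOTE names the source for the narrower claim. Suggest adding a NOTE with the reference that supports it. Also, `mozilla-browser` appears next to `mozilla-firefox` in the entries of the first hunk but has no line in these three entries; an explicit not-affected line would show that it was checked.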