[Secure-testing-commits] r4478 - data/CVE
Stefan Fritsch
stef-guest at costa.debian.org
Mon Jul 31 17:58:17 UTC 2006
Author: stef-guest
Date: 2006-07-31 17:58:15 +0000 (Mon, 31 Jul 2006)
New Revision: 4478
Modified:
data/CVE/list
Log:
- track MFSA-2006-46 to -56
- firefox has been fixed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-07-30 16:55:27 UTC (rev 4477)
+++ data/CVE/list 2006-07-31 17:58:15 UTC (rev 4478)
@@ -49,30 +49,109 @@
- cheesetracker <unfixed> (bug #380364; low)
CVE-2006-3813
RESERVED
-CVE-2006-3812
+CVE-2006-3812 [firefox/mozilla chrome: scheme loading remote content]
RESERVED
-CVE-2006-3811
+ NOTE: MFSA-2006-56
+ - mozilla <unfixed> (medium)
+ - xulrunner <unfixed> (medium)
+ - mozilla-firefox <removed> (medium)
+ - firefox 1.5.dfsg+1.5.0.5-1 (medium)
+ - thunderbird <unfixed> (unimportant)
+ - mozilla-thunderbird <removed> (unimportant)
+CVE-2006-3811 [firefox/mozilla Crashes with evidence of memory corruption (rv:1.8.0.5)]
RESERVED
-CVE-2006-3810
+ NOTE: MFSA-2006-55
+ - mozilla <unfixed> (high)
+ - xulrunner <unfixed> (high)
+ - mozilla-firefox <removed> (high)
+ - firefox 1.5.dfsg+1.5.0.5-1 (high)
+ - thunderbird <unfixed> (medium)
+ - mozilla-thunderbird <removed> (medium)
+CVE-2006-3810 [firefox/mozilla XSS with XPCNativeWrapper(window).Function(...)]
RESERVED
-CVE-2006-3809
+ NOTE: MFSA-2006-54
+ - mozilla <not-affected> (mozilla 1.7 not affected)
+ - xulrunner <unfixed> (high)
+ - mozilla-firefox <not-affected> (only firefox >= 1.5)
+ - firefox 1.5.dfsg+1.5.0.5-1 (high)
+ - thunderbird <unfixed> (medium)
+ - mozilla-thunderbird <not-affected>
+CVE-2006-3809 [firefox/mozilla UniversalBrowserRead privilege escalation]
RESERVED
-CVE-2006-3808
+ NOTE: MFSA-2006-53
+ - mozilla <unfixed> (medium)
+ - xulrunner <unfixed> (medium)
+ - mozilla-firefox <removed> (medium)
+ - firefox 1.5.dfsg+1.5.0.5-1 (medium)
+ - thunderbird <unfixed> (medium)
+ - mozilla-thunderbird <removed> (medium)
+CVE-2006-3808 [firefox/mozilla PAC privilege escalation using Function.prototype.call]
RESERVED
-CVE-2006-3807
+ NOTE: MFSA-2006-52
+ - mozilla <unfixed> (medium)
+ - xulrunner <unfixed> (medium)
+ - mozilla-firefox <removed> (medium)
+ - firefox 1.5.dfsg+1.5.0.5-1 (medium)
+CVE-2006-3807 [firefox/mozilla Privilege escalation using named-functions and redefined "new Object()"]
RESERVED
-CVE-2006-3806
+ NOTE: MFSA-2006-51
+ - mozilla <unfixed> (high)
+ - xulrunner <unfixed> (high)
+ - mozilla-firefox <removed> (high)
+ - firefox 1.5.dfsg+1.5.0.5-1 (high)
+ - thunderbird <unfixed> (medium)
+ - mozilla-thunderbird <removed> (medium)
+CVE-2006-3806 [firefox/mozilla JavaScript engine vulnerabilities]
RESERVED
-CVE-2006-3805
+ NOTE: MFSA-2006-50
+ - mozilla <unfixed> (high)
+ - xulrunner <unfixed> (high)
+ - mozilla-firefox <removed> (high)
+ - firefox 1.5.dfsg+1.5.0.5-1 (high)
+ - thunderbird <unfixed> (medium)
+ - mozilla-thunderbird <removed> (medium)
+CVE-2006-3805 [firefox/mozilla JavaScript engine vulnerabilities]
RESERVED
-CVE-2006-3804
+ NOTE: MFSA-2006-50
+ - mozilla <unfixed> (high)
+ - xulrunner <unfixed> (high)
+ - mozilla-firefox <removed> (high)
+ - firefox 1.5.dfsg+1.5.0.5-1 (high)
+ - thunderbird <unfixed> (medium)
+ - mozilla-thunderbird <removed> (medium)
+CVE-2006-3804 [thunderbird/mozilla Heap buffer overwrite on malformed VCard]
RESERVED
-CVE-2006-3803
+ NOTE: MFSA-2006-49
+ - mozilla <unfixed> (high)
+ - thunderbird <unfixed> (high)
+ - mozilla-thunderbird <removed> (high)
+CVE-2006-3803 [firefox/mozilla JavaScript new Function race condition]
RESERVED
-CVE-2006-3802
+ NOTE: MFSA-2006-48
+ - mozilla <not-affected> (mozilla 1.7 not affected)
+ - xulrunner <unfixed> (high)
+ - mozilla-firefox <not-affected> (only firefox >= 1.5)
+ - firefox 1.5.dfsg+1.5.0.5-1 (high)
+ - thunderbird <unfixed> (medium)
+ - mozilla-thunderbird <not-affected>
+CVE-2006-3802 [firefox/mozilla Native DOM methods can be hijacked across domains]
RESERVED
-CVE-2006-3801
+ NOTE: MFSA-2006-47
+ - mozilla <not-affected> (mozilla 1.7 not affected)
+ - xulrunner <unfixed> (medium)
+ - mozilla-firefox <not-affected> (only firefox >= 1.5)
+ - firefox 1.5.dfsg+1.5.0.5-1 (medium)
+ - thunderbird <unfixed> (medium)
+ - mozilla-thunderbird <not-affected>
+CVE-2006-3801 [firefox/mozilla Code execution through deleted frame reference]
RESERVED
+ NOTE: MFSA-2006-44
+ - mozilla-firefox <not-affected> (only firefox >= 1.5)
+ - mozilla-thunderbird <not-affected> (only firefox >= 1.5)
+ - mozilla <not-affected> (mozilla 1.7 not affected)
+ - firefox 1.5.dfsg+1.5.0.5-1 (high)
+ - xulrunner <unfixed> (high)
+ - thunderbird <unfixed> (medium)
CVE-2006-3800 (Cross-site scripting (XSS) vulnerability in Amazing Flash AFCommerce ...)
NOT-FOR-US: AFCommerce
CVE-2006-3799 (DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL ...)
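Review bot: In the CVE-2006-3801 entry, the line `- mozilla-thunderbird <not-affected> (only firefox >= 1.5)` gives a firefox version as the reason for a thunderbird package, which reads like a copy of the mozilla-firefox line above it. State the reason in terms of mozilla-thunderbird, or leave the parenthetical off as the other mozilla-thunderbird `<not-affected>` lines in this hunk do. The same entry is tagged `NOTE: MFSA-2006-44`, which falls outside the "MFSA-2006-46 to -56" range given in the log message, so the log should name the advisories actually covered. CVE-2006-3808 (MFSA-2006-52) is also the only firefox/mozilla entry in this hunk with no thunderbird or mozilla-thunderbird line; if those packages are not affected, an explicit `<not-affected>` line would distinguish that from an omission.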
@@ -332,8 +411,15 @@
NOT-FOR-US: FatWire Content Server
CVE-2006-3678
RESERVED
-CVE-2006-3677
+CVE-2006-3677 [mozilla/firefox Javascript navigator Object Vulnerability]
RESERVED
+ NOTE: MFSA-2006-45
+ - mozilla <not-affected> (mozilla 1.7 not affected)
+ - xulrunner <unfixed> (high)
+ - mozilla-firefox <not-affected> (only firefox >= 1.5)
+ - firefox 1.5.dfsg+1.5.0.5-1 (high)
+ - thunderbird <not-affected>
+ - mozilla-thunderbird <not-affected>
CVE-2006-3676 (admin/gallery_admin.php in planetGallery before 14.07.2006 allows remote ...)
TODO: check
CVE-2006-3675
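Review bot: The new CVE-2006-3677 entry is tagged `NOTE: MFSA-2006-45`, but the log message says this revision tracks MFSA-2006-46 to -56, so the log range does not match what the hunk records and should be widened. In the same entry, `- thunderbird <not-affected>` and `- mozilla-thunderbird <not-affected>` carry no reason, while the mozilla and mozilla-firefox lines each give one; a short parenthetical on the two thunderbird lines would let a later reader check the claim.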
@@ -1504,8 +1590,15 @@
NOT-FOR-US: phpRaid
CVE-2006-3114
RESERVED
-CVE-2006-3113
+CVE-2006-3113 [mozilla/firefox Memory corruption with simultaneous events]
RESERVED
+ NOTE: MFSA-2006-46
+ - mozilla <not-affected> (mozilla 1.7 not affected)
+ - xulrunner <unfixed> (high)
+ - mozilla-firefox <not-affected> (only firefox >= 1.5)
+ - firefox 1.5.dfsg+1.5.0.5-1 (high)
+ - thunderbird <unfixed> (medium)
+ - mozilla-thunderbird <not-affected>
CVE-2006-3112 (Chipmailer 1.09 allows remote attackers to obtain sensitive ...)
NOT-FOR-US: Chipmailer
CVE-2006-3111 (Multiple SQL injection vulnerabilities in main.php in Chipmailer 1.09 ...)
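Review bot: In the CVE-2006-3113 entry, `- mozilla-thunderbird <not-affected>` has no reason, while `- thunderbird <unfixed> (medium)` two lines above marks the sibling package as still vulnerable. Add the parenthetical that justifies the difference, as the mozilla and mozilla-firefox lines in this entry do with "(mozilla 1.7 not affected)" and "(only firefox >= 1.5)".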