[Secure-testing-commits] r4478 - data/CVE

Stefan Fritsch stef-guest at costa.debian.org
Mon Jul 31 17:58:17 UTC 2006


Author: stef-guest
Date: 2006-07-31 17:58:15 +0000 (Mon, 31 Jul 2006)
New Revision: 4478

Modified:
   data/CVE/list
Log:
- track MFSA-2006-46 to -56
- firefox has been fixed


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-07-30 16:55:27 UTC (rev 4477)
+++ data/CVE/list	2006-07-31 17:58:15 UTC (rev 4478)
@@ -49,30 +49,109 @@
 	- cheesetracker <unfixed> (bug #380364; low)
 CVE-2006-3813
 	RESERVED
-CVE-2006-3812
+CVE-2006-3812 [firefox/mozilla  chrome: scheme loading remote content]
 	RESERVED
-CVE-2006-3811
+	NOTE: MFSA-2006-56
+	- mozilla <unfixed> (medium)
+	- xulrunner <unfixed> (medium)
+	- mozilla-firefox <removed> (medium)
+	- firefox 1.5.dfsg+1.5.0.5-1 (medium)
+	- thunderbird <unfixed> (unimportant)
+	- mozilla-thunderbird <removed> (unimportant)
+CVE-2006-3811 [firefox/mozilla Crashes with evidence of memory corruption (rv:1.8.0.5)]
 	RESERVED
-CVE-2006-3810
+	NOTE: MFSA-2006-55
+	- mozilla <unfixed> (high)
+	- xulrunner <unfixed> (high)
+	- mozilla-firefox <removed> (high)
+	- firefox 1.5.dfsg+1.5.0.5-1 (high)
+	- thunderbird <unfixed> (medium)
+	- mozilla-thunderbird <removed> (medium)
+CVE-2006-3810 [firefox/mozilla XSS with XPCNativeWrapper(window).Function(...)]
 	RESERVED
-CVE-2006-3809
+	NOTE: MFSA-2006-54
+	- mozilla <not-affected> (mozilla 1.7 not affected)
+	- xulrunner <unfixed> (high)
+	- mozilla-firefox <not-affected> (only firefox >= 1.5)
+	- firefox 1.5.dfsg+1.5.0.5-1 (high)
+	- thunderbird <unfixed> (medium)
+	- mozilla-thunderbird <not-affected>
+CVE-2006-3809 [firefox/mozilla UniversalBrowserRead privilege escalation]
 	RESERVED
-CVE-2006-3808
+	NOTE: MFSA-2006-53
+	- mozilla <unfixed> (medium)
+	- xulrunner <unfixed> (medium)
+	- mozilla-firefox <removed> (medium)
+	- firefox 1.5.dfsg+1.5.0.5-1 (medium)
+	- thunderbird <unfixed> (medium)
+	- mozilla-thunderbird <removed> (medium)
+CVE-2006-3808 [firefox/mozilla PAC privilege escalation using Function.prototype.call]
 	RESERVED
-CVE-2006-3807
+	NOTE: MFSA-2006-52
+	- mozilla <unfixed> (medium)
+	- xulrunner <unfixed> (medium)
+	- mozilla-firefox <removed> (medium)
+	- firefox 1.5.dfsg+1.5.0.5-1 (medium)
+CVE-2006-3807 [firefox/mozilla Privilege escalation using named-functions and redefined "new Object()"]
 	RESERVED
-CVE-2006-3806
+	NOTE: MFSA-2006-51
+	- mozilla <unfixed> (high)
+	- xulrunner <unfixed> (high)
+	- mozilla-firefox <removed> (high)
+	- firefox 1.5.dfsg+1.5.0.5-1 (high)
+	- thunderbird <unfixed> (medium)
+	- mozilla-thunderbird <removed> (medium)
+CVE-2006-3806 [firefox/mozilla JavaScript engine vulnerabilities]
 	RESERVED
-CVE-2006-3805
+	NOTE: MFSA-2006-50
+	- mozilla <unfixed> (high)
+	- xulrunner <unfixed> (high)
+	- mozilla-firefox <removed> (high)
+	- firefox 1.5.dfsg+1.5.0.5-1 (high)
+	- thunderbird <unfixed> (medium)
+	- mozilla-thunderbird <removed> (medium)
+CVE-2006-3805 [firefox/mozilla JavaScript engine vulnerabilities]
 	RESERVED
-CVE-2006-3804
+	NOTE: MFSA-2006-50
+	- mozilla <unfixed> (high)
+	- xulrunner <unfixed> (high)
+	- mozilla-firefox <removed> (high)
+	- firefox 1.5.dfsg+1.5.0.5-1 (high)
+	- thunderbird <unfixed> (medium)
+	- mozilla-thunderbird <removed> (medium)
+CVE-2006-3804 [thunderbird/mozilla  Heap buffer overwrite on malformed VCard]
 	RESERVED
-CVE-2006-3803
+	NOTE: MFSA-2006-49
+	- mozilla <unfixed> (high)
+	- thunderbird <unfixed> (high)
+	- mozilla-thunderbird <removed> (high)
+CVE-2006-3803 [firefox/mozilla  JavaScript new Function race condition]
 	RESERVED
-CVE-2006-3802
+	NOTE: MFSA-2006-48
+	- mozilla <not-affected> (mozilla 1.7 not affected)
+	- xulrunner <unfixed> (high)
+	- mozilla-firefox <not-affected> (only firefox >= 1.5)
+	- firefox 1.5.dfsg+1.5.0.5-1 (high)
+	- thunderbird <unfixed> (medium)
+	- mozilla-thunderbird <not-affected>
+CVE-2006-3802 [firefox/mozilla Native DOM methods can be hijacked across domains]
 	RESERVED
-CVE-2006-3801
+	NOTE: MFSA-2006-47
+	- mozilla <not-affected> (mozilla 1.7 not affected)
+	- xulrunner <unfixed> (medium)
+	- mozilla-firefox <not-affected> (only firefox >= 1.5)
+	- firefox 1.5.dfsg+1.5.0.5-1 (medium)
+	- thunderbird <unfixed> (medium)
+	- mozilla-thunderbird <not-affected>
+CVE-2006-3801 [firefox/mozilla Code execution through deleted frame reference]
 	RESERVED
+	NOTE: MFSA-2006-44
+	- mozilla-firefox <not-affected> (only firefox >= 1.5)
+	- mozilla-thunderbird <not-affected> (only firefox >= 1.5)
+	- mozilla <not-affected> (mozilla 1.7 not affected)
+	- firefox 1.5.dfsg+1.5.0.5-1 (high)
+	- xulrunner <unfixed> (high)
+	- thunderbird <unfixed> (medium)
 CVE-2006-3800 (Cross-site scripting (XSS) vulnerability in Amazing Flash AFCommerce ...)
 	NOT-FOR-US: AFCommerce
 CVE-2006-3799 (DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL ...)
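Review bot: In the CVE-2006-3801 entry, the line `- mozilla-thunderbird <not-affected> (only firefox >= 1.5)` gives a firefox version as the reason for a thunderbird package, which looks copied from the `mozilla-firefox` line above it; state the thunderbird-specific reason or drop the parenthetical, as the other `mozilla-thunderbird <not-affected>` lines in this hunk do. The same entry carries `NOTE: MFSA-2006-44`, which is outside the "MFSA-2006-46 to -56" range named in the log, so the log should mention it. CVE-2006-3808 is also the only firefox/mozilla entry in this hunk with no thunderbird or mozilla-thunderbird line; if those packages are not affected, an explicit `<not-affected>` line would record that instead of leaving it open.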
@@ -332,8 +411,15 @@
 	NOT-FOR-US: FatWire Content Server
 CVE-2006-3678
 	RESERVED
-CVE-2006-3677
+CVE-2006-3677 [mozilla/firefox  Javascript navigator Object Vulnerability]
 	RESERVED
+	NOTE: MFSA-2006-45
+	- mozilla <not-affected> (mozilla 1.7 not affected)
+	- xulrunner <unfixed> (high)
+	- mozilla-firefox <not-affected> (only firefox >= 1.5)
+	- firefox 1.5.dfsg+1.5.0.5-1 (high)
+	- thunderbird <not-affected>
+	- mozilla-thunderbird <not-affected>
 CVE-2006-3676 (admin/gallery_admin.php in planetGallery before 14.07.2006 allows remote ...)
 	TODO: check
 CVE-2006-3675
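Review bot: `NOTE: MFSA-2006-45` on CVE-2006-3677 falls outside the "MFSA-2006-46 to -56" range given in the log message; widen the range in the log so the commit can be found by advisory number. The `thunderbird <not-affected>` and `mozilla-thunderbird <not-affected>` lines also give no reason, unlike the `mozilla` and `mozilla-firefox` lines in the same entry; a short parenthetical would let a later reader verify the triage.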
@@ -1504,8 +1590,15 @@
 	NOT-FOR-US: phpRaid
 CVE-2006-3114
 	RESERVED
-CVE-2006-3113
+CVE-2006-3113 [mozilla/firefox  Memory corruption with simultaneous events]
 	RESERVED
+	NOTE: MFSA-2006-46
+	- mozilla <not-affected> (mozilla 1.7 not affected)
+	- xulrunner <unfixed> (high)
+	- mozilla-firefox <not-affected> (only firefox >= 1.5)
+	- firefox 1.5.dfsg+1.5.0.5-1 (high)
+	- thunderbird <unfixed> (medium)
+	- mozilla-thunderbird <not-affected>
 CVE-2006-3112 (Chipmailer 1.09 allows remote attackers to obtain sensitive ...)
 	NOT-FOR-US: Chipmailer
 CVE-2006-3111 (Multiple SQL injection vulnerabilities in main.php in Chipmailer 1.09 ...)
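Review bot: The new title `[mozilla/firefox  Memory corruption with simultaneous events]` uses the prefix `mozilla/firefox` followed by two spaces, while most entries added in the first hunk of this patch use `firefox/mozilla` with a single space; pick one form so the entries can be searched consistently. In the same entry, `thunderbird <unfixed> (medium)` sits next to `mozilla-thunderbird <not-affected>` with no reason given for the difference; a parenthetical like the ones on the `mozilla` and `mozilla-firefox` lines would make the triage checkable.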



