[Secure-testing-commits] r5471 - data/CVE
Florian Weimer
fw at alioth.debian.org
Sun Feb 18 17:03:17 UTC 2007
Author: fw
Date: 2007-02-18 18:03:14 +0100 (Sun, 18 Feb 2007)
New Revision: 5471
Modified:
data/CVE/list
Log:
Track firefox issues again, reverting r5450.
I think I've also added the annotations for the bugs which where added
after we pulled out the firefox tracking.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-02-18 16:50:24 UTC (rev 5470)
+++ data/CVE/list 2007-02-18 17:03:14 UTC (rev 5471)
@@ -3,9 +3,10 @@
- xulrunner <unfixed> (high)
- iceape <unfixed> (high)
- icedove <unfixed>
- [sarge] - mozilla-firefox <unfixed> (high)
- [sarge] - mozilla-thunderbird <unfixed>
- [sarge] - mozilla <unfixed> (high)
+ - mozilla-firefox <removed> (high)
+ - mozilla-thunderbird <removed>
+ - mozilla <removed> (high)
+ - firefox <removed> (high)
CVE-2007-0980 (Unspecified vulnerability in HP Serviceguard for Linux; packaged for ...)
NOT-FOR-US: HP Serviceguard
CVE-2007-0979 (Unspecified vulnerability in LifeType before 1.1.6, and 1.2 before ...)
@@ -490,8 +491,10 @@
- iceweasel <unfixed> (low)
CVE-2007-0801 (The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox ...)
- iceweasel <unfixed> (low)
+ - firefox <removed> (low)
CVE-2007-0800 (Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked ...)
- iceweasel <unfixed> (medium)
+ - firefox <removed> (medium)
CVE-2007-0799 (SQL injection vulnerability in badword.asp in Ublog Reload 1.0.5 ...)
NOT-FOR-US: Ublog Reload
CVE-2007-0798 (Multiple cross-site scripting (XSS) vulnerabilities in Ublog Reload ...)
@@ -3121,6 +3124,7 @@
NOT-FOR-US: Vortex Blog
CVE-2006-6585 (The Extensions manager in Mozilla Firefox 2.0 does not properly ...)
- iceweasel 2.0.0.1+dfsg-1
+ - firefox <removed>
TODO: check iceape, sarge's firefox
CVE-2006-6584 (Multiple buffer overflows in italkplus (Italk+) before 0.92.1 allow ...)
NOT-FOR-US: italkplus (Italk+)
@@ -3326,6 +3330,7 @@
- iceweasel 2.0.0.1+dfsg-1 (high)
- xulrunner 1.8.0.9-1 (high)
- iceape 1.0.7-1 (high)
+ - firefox <removed> (high)
NOTE: Flaw was introduced in Firefox 1.5.0.4
- icedove 1.5.0.9.dfsg1-1 (high)
CVE-2006-6503 (Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird ...)
@@ -3334,6 +3339,7 @@
- iceweasel 2.0.0.1+dfsg-1 (high)
- xulrunner 1.8.0.9-1 (high)
- iceape 1.0.7-1 (high)
+ - firefox <removed> (high)
- mozilla <removed> (high)
- mozilla-firefox <removed> (high)
- mozilla-thunderbird <removed> (high)
@@ -3344,6 +3350,7 @@
- iceweasel 2.0.0.1+dfsg-1 (high)
- xulrunner 1.8.0.9-1 (high)
- iceape 1.0.7-1 (high)
+ - firefox <removed> (high)
- mozilla <removed> (high)
- mozilla-firefox <removed> (high)
- mozilla-thunderbird <removed> (unimportant)
@@ -3355,6 +3362,7 @@
- iceweasel 2.0.0.1+dfsg-1 (high)
- xulrunner 1.8.0.9-1 (high)
- iceape 1.0.7-1 (high)
+ - firefox <removed> (high)
- mozilla <removed> (high)
- mozilla-firefox <removed> (high)
- mozilla-thunderbird <removed> (low)
@@ -3364,6 +3372,7 @@
- iceweasel <not-affected> (windows only)
- xulrunner <not-affected> (Windows only)
- iceape <not-affected> (windows only)
+ - firefox <not-affected> (windows only)
- mozilla <not-affected> (windows only)
- mozilla-firefox <not-affected> (windows only)
- mozilla-thunderbird <not-affected> (windows only)
@@ -3374,6 +3383,7 @@
- iceweasel 2.0.0.1+dfsg-1 (high)
- xulrunner 1.8.0.9-1 (high)
- iceape 1.0.7-1 (high)
+ - firefox <removed> (high)
- mozilla <removed> (high)
- mozilla-firefox <removed> (high)
- mozilla-thunderbird <removed> (low)
@@ -3386,6 +3396,7 @@
- iceweasel 2.0.0.1+dfsg-1 (high)
- xulrunner 1.8.0.9-1 (high)
- iceape 1.0.7-1 (high)
+ - firefox <removed> (high)
- mozilla <removed> (high)
- mozilla-firefox <removed> (high)
- mozilla-thunderbird <removed> (low)
@@ -3396,6 +3407,7 @@
- iceweasel 2.0.0.1+dfsg-1 (medium)
- xulrunner 1.8.0.9-1 (medium)
- iceape 1.0.7-1 (medium)
+ - firefox <removed> (medium)
- mozilla <removed> (medium)
- mozilla-firefox <removed> (medium)
- mozilla-thunderbird <removed> (low)
@@ -5008,12 +5020,14 @@
CVE-2006-5748 (Multiple unspecified vulnerabilities in the JavaScript engine in ...)
{DSA-1227-1 DSA-1225-1 DSA-1224-1}
NOTE: MFSA-2006-65
+ - firefox <removed> (high)
- iceweasel 2.0+dfsg-1 (high)
- icedove 1.5.0.8-1 (medium)
- mozilla <unfixed> (high)
- xulrunner 1.8.0.8-1 (high)
CVE-2006-5747 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, ...)
NOTE: MFSA-2006-65
+ - firefox <removed> (high)
- iceweasel 2.0+dfsg-1 (high)
- icedove 1.5.0.8-1 (medium)
- mozilla <unfixed> (medium)
@@ -5266,6 +5280,7 @@
CVE-2006-5634 (Multiple PHP remote file inclusion vulnerabilities in phpProfiles 2.1 ...)
NOT-FOR-US: phpProfiles
CVE-2006-5633 (Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers ...)
+ - firefox <removed> (unimportant)
- iceweasel <unfixed> (unimportant)
- icedove <unfixed> (unimportant)
- mozilla <unfixed> (unimportant)
@@ -5636,6 +5651,7 @@
CVE-2006-5464 (Multiple unspecified vulnerabilities in the layout engine in Mozilla ...)
{DSA-1227-1 DSA-1225-1 DSA-1224-1}
NOTE: MFSA-2006-65
+ - firefox <removed> (low)
- iceweasel 2.0+dfsg-1 (low)
- icedove 1.5.0.8-1 (low)
- mozilla <unfixed> (low)
@@ -5643,6 +5659,7 @@
CVE-2006-5463 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, ...)
{DSA-1227-1 DSA-1225-1 DSA-1224-1}
NOTE: MFSA-2006-67
+ - firefox <removed> (high)
- iceweasel 2.0+dfsg-1 (high)
- icedove 1.5.0.8-1 (medium)
- mozilla <unfixed> (high)
@@ -5652,6 +5669,7 @@
NOTE: MFSA-2006-66
NOTE: this is the similar to CVE-2006-4339, see also CVE-2006-4340
NOTE: the fixes for CVE-2006-4340 were incomplete
+ - firefox <removed> (high)
- iceweasel 2.0+dfsg-1 (high)
- icedove 1.5.0.8-1 (medium)
- mozilla <unfixed> (high)
@@ -6311,7 +6329,7 @@
CVE-2006-5161 (IBM Client Security Password Manager stores and distributes saved ...)
NOT-FOR-US: IBM
CVE-2006-5160 (** DISPUTED ** ...)
- TODO: check
+ - firefox <not-affected> (no real issues)
CVE-2006-5159 (** DISPUTED ** ...)
NOT-FOR-US: Bogus Firefox issue
CVE-2006-5158 (The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel ...)
@@ -7584,6 +7602,7 @@
{DSA-1210 DSA-1192-1 DSA-1191-1}
NOTE: MFSA-2006-64
- mozilla <unfixed> (high)
+ - firefox 1.5.dfsg+1.5.0.7-1 (high)
- thunderbird 1.5.0.7-1 (high)
- xulrunner 1.8.0.7-1 (high)
CVE-2006-4570 (Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with ...)
@@ -7593,6 +7612,7 @@
- mozilla <unfixed>
CVE-2006-4569 (The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked ...)
NOTE: MFSA-2006-62
+ - firefox 1.5.dfsg+1.5.0.7-1 (low)
- xulrunner 1.8.0.7-1 (low)
- thunderbird 1.5.0.7-1
[sarge] - mozilla-firefox <not-affected> (Regression only affecting 1.5)
@@ -7600,10 +7620,12 @@
{DSA-1210 DSA-1192-1 DSA-1191-1}
NOTE: MFSA-2006-61
- mozilla <unfixed> (low)
+ - firefox 1.5.dfsg+1.5.0.7-1 (low)
- xulrunner 1.8.0.7-1 (low)
- thunderbird 1.5.0.7-1
CVE-2006-4567 (Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it ...)
NOTE: MFSA-2006-58
+ - firefox 1.5.dfsg+1.5.0.7-1 (unimportant)
- thunderbird 1.5.0.7-1 (unimportant)
[sarge] - mozilla-firefox <unfixed> (unimportant)
[sarge] - mozilla-thunderbird <unfixed> (unimportant)
@@ -7612,12 +7634,14 @@
{DSA-1210 DSA-1192-1 DSA-1191-1}
NOTE: MFSA-2006-57
- mozilla <unfixed> (high)
+ - firefox 1.5.dfsg+1.5.0.7-1 (high)
- thunderbird 1.5.0.7-1 (low)
- xulrunner 1.8.0.7-1 (high)
CVE-2006-4565 (Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, ...)
{DSA-1210 DSA-1192-1 DSA-1191-1}
NOTE: MFSA-2006-57
- mozilla <unfixed> (high)
+ - firefox 1.5.dfsg+1.5.0.7-1 (high)
- xulrunner 1.8.0.7-1 (high)
- thunderbird 1.5.0.7-1 (low)
CVE-2006-4564 (SQL injection vulnerability in Sources/ManageBoards.php in Simple ...)
@@ -7628,6 +7652,7 @@
NOT-FOR-US: Symantec
CVE-2006-4561 (Mozilla Firefox 1.5.0.6 allows remote attackers to execute arbitrary ...)
- xulrunner <unfixed> (low)
+ - firefox 1.5.dfsg+1.5.0.7-1 (low)
- mozilla <unfixed> (low)
- mozilla-firefox <removed> (low)
CVE-2006-4560 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to ...)
@@ -7919,6 +7944,7 @@
NOT-FOR-US: Microsoft
CVE-2005-4809 (Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla ...)
- mozilla <unfixed> (low)
+ - firefox <not-affected> (at least 1.5.0.6 is not vulnerable)
- xulrunner <not-affected>
[sarge] - mozilla <no-dsa> (Conceptual problem, not fixable in a backport)
CVE-2003-1305 (Microsoft Internet Explorer allows remote attackers to cause a denial ...)
@@ -8131,6 +8157,7 @@
{DSA-1210 DSA-1192-1 DSA-1191-1}
NOTE: MFSA-2006-60, this is the similar to CVE-2006-4339
- mozilla <unfixed> (high)
+ - firefox 1.5.dfsg+1.5.0.7-1 (high)
- thunderbird 1.5.0.7-1 (high)
- xulrunner 1.8.0.7-1 (high)
CVE-2006-4339 (OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, ...)
@@ -8215,6 +8242,7 @@
NOT-FOR-US: Sonium Enterprise Adressbook
CVE-2006-4310 (Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of ...)
{DSA-1227-1 DSA-1225-1 DSA-1224-1}
+ - firefox <removed>
- iceweasel 2.0+dfsg-1
- mozilla <unfixed>
- mozilla-firefox <unfixed>
@@ -8339,6 +8367,7 @@
CVE-2006-4253 (Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier ...)
NOTE: MFSA-2006-59
- xulrunner 1.8.0.7-1 (medium)
+ - firefox 1.5.dfsg+1.5.0.7-1 (medium)
- mozilla <unfixed> (medium)
- thunderbird 1.5.0.7-1 (low)
- mozilla-firefox <removed> (unimportant)
@@ -9337,6 +9366,7 @@
- mozilla <unfixed> (medium)
- xulrunner 1.8.0.5-1 (medium)
[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
+ - firefox 1.5.dfsg+1.5.0.5-1 (medium)
- thunderbird <unfixed> (unimportant)
[sarge] - mozilla-thunderbird <not-affected> (unimportant)
CVE-2006-3811 (Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, ...)
@@ -9345,6 +9375,7 @@
- mozilla <unfixed> (high)
- xulrunner 1.8.0.5-1 (high)
- mozilla-firefox <removed> (high)
+ - firefox 1.5.dfsg+1.5.0.5-1 (high)
- thunderbird 1.5.0.5-1 (medium)
- mozilla-thunderbird <removed> (medium)
CVE-2006-3810 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 before ...)
@@ -9353,6 +9384,7 @@
- mozilla <not-affected> (mozilla 1.7 not affected)
- xulrunner 1.8.0.5-1 (high)
- mozilla-firefox <not-affected> (only firefox >= 1.5)
+ - firefox 1.5.dfsg+1.5.0.5-1 (high)
- thunderbird 1.5.0.5-1 (medium)
CVE-2006-3809 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ...)
{DSA-1161 DSA-1160 DSA-1159}
@@ -9360,6 +9392,7 @@
- mozilla <unfixed> (medium)
- xulrunner 1.8.0.5-1 (medium)
- mozilla-firefox <removed> (medium)
+ - firefox 1.5.dfsg+1.5.0.5-1 (medium)
- thunderbird 1.5.0.5-1 (medium)
- mozilla-thunderbird <removed> (medium)
CVE-2006-3808 (Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows ...)
@@ -9368,6 +9401,7 @@
- mozilla <unfixed> (medium)
- xulrunner 1.8.0.5-1 (medium)
- mozilla-firefox <removed> (medium)
+ - firefox 1.5.dfsg+1.5.0.5-1 (medium)
- thunderbird 1.5.0.5-1
CVE-2006-3807 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ...)
{DSA-1161 DSA-1160 DSA-1159}
@@ -9375,6 +9409,7 @@
- mozilla <unfixed> (high)
- xulrunner 1.8.0.5-1 (high)
- mozilla-firefox <removed> (high)
+ - firefox 1.5.dfsg+1.5.0.5-1 (high)
- thunderbird 1.5.0.5-1 (medium)
- mozilla-thunderbird <removed> (medium)
CVE-2006-3806 (Multiple integer overflows in the Javascript engine in Mozilla Firefox ...)
@@ -9383,6 +9418,7 @@
- mozilla <unfixed> (high)
- xulrunner 1.8.0.5-1 (high)
- mozilla-firefox <removed> (high)
+ - firefox 1.5.dfsg+1.5.0.5-1 (high)
- thunderbird 1.5.0.5-1 (medium)
- mozilla-thunderbird <removed> (medium)
CVE-2006-3805 (The Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird ...)
@@ -9391,6 +9427,7 @@
- mozilla <unfixed> (high)
- xulrunner 1.8.0.5-1 (high)
- mozilla-firefox <removed> (high)
+ - firefox 1.5.dfsg+1.5.0.5-1 (high)
- thunderbird 1.5.0.5-1 (medium)
- mozilla-thunderbird <removed> (medium)
CVE-2006-3804 (Heap-based buffer overflow in Mozilla Thunderbird before 1.5.0.5 and ...)
@@ -9405,6 +9442,7 @@
- mozilla <not-affected> (mozilla 1.7 not affected)
- xulrunner 1.8.0.5-1 (high)
- mozilla-firefox <not-affected> (only firefox >= 1.5)
+ - firefox 1.5.dfsg+1.5.0.5-1 (high)
- thunderbird 1.5.0.5-1 (medium)
- mozilla-thunderbird <not-affected>
CVE-2006-3802 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ...)
@@ -9412,6 +9450,7 @@
- mozilla <not-affected> (mozilla 1.7 not affected)
- xulrunner 1.8.0.5-1 (medium)
- mozilla-firefox <not-affected> (only firefox >= 1.5)
+ - firefox 1.5.dfsg+1.5.0.5-1 (medium)
- thunderbird 1.5.0.5-1 (medium)
- mozilla-thunderbird <not-affected>
CVE-2006-3801 (Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 does not ...)
@@ -9419,6 +9458,7 @@
- mozilla-firefox <not-affected> (only firefox >= 1.5)
- mozilla-thunderbird <not-affected> (only firefox >= 1.5)
- mozilla <not-affected> (mozilla 1.7 not affected)
+ - firefox 1.5.dfsg+1.5.0.5-1 (high)
- xulrunner 1.8.0.5-1 (high)
- thunderbird 1.5.0.5-1 (medium)
CVE-2006-3800 (Cross-site scripting (XSS) vulnerability in Amazing Flash AFCommerce ...)
@@ -9583,6 +9623,7 @@
CVE-2006-3732 (Cisco Security Monitoring, Analysis and Response System (CS-MARS) ...)
NOT-FOR-US: CS-MARS
CVE-2006-3731 (Mozilla Firefox 1.5.0.4 and earlier allows remote user-assisted ...)
+ - firefox 1.5.dfsg+1.5.0.6-1 (bug #379050; low)
[sarge] - mozilla-firefox <not-affected> (Unreproducible on Sarge)
CVE-2006-3730 (Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 ...)
NOT-FOR-US: MSIE
@@ -9698,6 +9739,7 @@
- mozilla <not-affected> (mozilla 1.7 not affected)
- xulrunner 1.8.0.5-1 (high)
- mozilla-firefox <not-affected> (only firefox >= 1.5)
+ - firefox 1.5.dfsg+1.5.0.5-1 (high)
- thunderbird <not-affected>
- mozilla-thunderbird <not-affected>
CVE-2006-3676 (admin/gallery_admin.php in planetGallery before 14.07.2006 allows remote ...)
@@ -10921,6 +10963,7 @@
- mozilla <not-affected> (mozilla 1.7 not affected)
- xulrunner 1.8.0.5-1 (high)
- mozilla-firefox <not-affected> (only firefox >= 1.5)
+ - firefox 1.5.dfsg+1.5.0.5-1 (high)
- thunderbird 1.5.0.5-1 (medium)
- mozilla-thunderbird <not-affected>
CVE-2006-3112 (Chipmailer 1.09 allows remote attackers to obtain sensitive ...)
@@ -11661,38 +11704,45 @@
CVE-2006-2788 (Double-free vulnerability in the getRawDER function for nsIX509Cert in ...)
{DSA-1210 DSA-1192-1 DSA-1191-1}
- mozilla <unfixed> (high)
+ - firefox 1.5.dfsg+1.5.0.4 (high)
- xulrunner 1.8.0.4-1 (high)
CVE-2006-2787 (EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows ...)
{DSA-1134-1 DSA-1120 DSA-1118}
NOTE: MFSA-2006-31
+ - firefox 1.5.dfsg+1.5.0.4-1 (medium)
- thunderbird 1.5.0.4-1 (medium)
- mozilla 2:1.7.13-0.3 (medium)
- xulrunner 1.8.0.4-1 (medium)
CVE-2006-2786 (HTTP response smuggling vulnerability in Mozilla Firefox and ...)
{DSA-1134-1 DSA-1120 DSA-1118}
NOTE: MFSA-2006-33
+ - firefox 1.5.dfsg+1.5.0.4-1 (medium)
- thunderbird 1.5.0.4-1 (medium)
- mozilla 2:1.7.13-0.3 (medium)
- xulrunner 1.8.0.4-1 (medium)
CVE-2006-2785 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...)
{DSA-1134-1 DSA-1120 DSA-1118}
NOTE: MFSA-2006-34
+ - firefox 1.5.dfsg+1.5.0.4-1 (medium)
- mozilla 2:1.7.13-0.3 (medium)
- xulrunner 1.8.0.4-1 (medium)
CVE-2006-2784 (The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows ...)
{DSA-1134-1 DSA-1120 DSA-1118}
NOTE: MFSA-2006-36
+ - firefox 1.5.dfsg+1.5.0.4-1 (medium)
- mozilla <unfixed> (medium)
- xulrunner 1.8.0.4-1 (medium)
CVE-2006-2783 (Mozilla Firefox and Thunderbird before 1.5.0.4 strips the Unicode ...)
{DSA-1134-1 DSA-1120 DSA-1118}
NOTE: MFSA-2006-42
+ - firefox 1.5.dfsg+1.5.0.4-1 (medium)
- thunderbird 1.5.0.4-1 (medium)
- mozilla 2:1.7.13-0.3 (medium)
- xulrunner 1.8.0.4-1 (medium)
CVE-2006-2782 (Firefox 1.5.0.2 does not fix all test cases associated with ...)
{DSA-1134-1 DSA-1120 DSA-1118}
NOTE: MFSA-2006-41
+ - firefox 1.5.dfsg+1.5.0.4-1 (medium)
- mozilla 2:1.7.13-0.3 (medium)
- xulrunner 1.8.0.4-1 (medium)
CVE-2006-2781 (Double-free vulnerability in nsVCard.cpp in Mozilla Thunderbird before ...)
@@ -11703,35 +11753,41 @@
CVE-2006-2780 (Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 ...)
{DSA-1134-1 DSA-1120 DSA-1118}
NOTE: MFSA-2006-32
+ - firefox 1.5.dfsg+1.5.0.4-1 (high)
- thunderbird 1.5.0.4-1 (high)
- mozilla 2:1.7.13-0.3 (high)
- xulrunner 1.8.0.4-1 (high)
CVE-2006-2779 (Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers ...)
{DSA-1160 DSA-1159 DSA-1134-1 DSA-1120 DSA-1118}
NOTE: MFSA-2006-32
+ - firefox 1.5.dfsg+1.5.0.4-1 (high)
- thunderbird 1.5.0.4-1 (high)
- mozilla 2:1.7.13-0.3 (high)
- xulrunner 1.8.0.4-1 (high)
CVE-2006-2778 (The crypto.signText function in Mozilla Firefox and Thunderbird before ...)
{DSA-1134-1 DSA-1120 DSA-1118}
NOTE: MFSA-2006-38
+ - firefox 1.5.dfsg+1.5.0.4-1 (high)
- thunderbird 1.5.0.4-1 (high)
- mozilla 2:1.7.13-0.3 (high)
- xulrunner 1.8.0.4-1 (high)
CVE-2006-2777 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and ...)
{DSA-1134-1 DSA-1120 DSA-1118}
NOTE: MFSA-2006-43
+ - firefox 1.5.dfsg+1.5.0.4-1 (high)
- mozilla 2:1.7.13-0.3 (high)
- xulrunner 1.8.0.4-1 (high)
CVE-2006-2776 (Certain privileged UI code in Mozilla Firefox and Thunderbird before ...)
{DSA-1134-1 DSA-1120 DSA-1118}
NOTE: MFSA-2006-37
+ - firefox 1.5.dfsg+1.5.0.4-1 (high)
- thunderbird 1.5.0.4-1 (high)
- mozilla 2:1.7.13-0.3 (high)
- xulrunner 1.8.0.4-1 (high)
CVE-2006-2775 (Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL ...)
{DSA-1134-1 DSA-1120 DSA-1118}
NOTE: MFSA-2006-35
+ - firefox 1.5.dfsg+1.5.0.4-1 (high)
- thunderbird 1.5.0.4-1 (high)
- mozilla 2:1.7.13-0.3 (high)
- xulrunner 1.8.0.4-1 (high)
@@ -11843,6 +11899,7 @@
CVE-2006-2724 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.11 allows remote ...)
NOT-FOR-US: PunBB
CVE-2006-2723 (Unspecified versions of Mozilla Firefox allow remote attackers to ...)
+ - firefox <removed> (unimportant)
- iceweasel <unfixed> (unimportant)
- mozilla <unfixed> (unimportant)
- mozilla-firefox <unfixed> (unimportant)
@@ -12726,6 +12783,7 @@
NOT-FOR-US: MyBB
CVE-2006-2332 (Mozilla Firefox 1.5.0.3 allows remote attackers to cause a denial of ...)
NOTE: 1.5.dfsg+1.5.0.3-2 didn't crash or do anything but stutter on the sample pages, marking it fixed in there
+ - firefox 1.5.dfsg+1.5.0.3-2
CVE-2006-2331 (Multiple directory traversal vulnerabilities in PHP-Fusion 6.00.306 ...)
NOT-FOR-US: PHP-Fusion
CVE-2006-2330 (PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server ...)
@@ -13555,6 +13613,7 @@
NOT-FOR-US: FlexBB
CVE-2006-1993 (Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote ...)
{DSA-1055-1 DSA-1053-1}
+ - firefox 1.5.dfsg+1.5.0.3-1 (bug #364810; high)
- mozilla <unfixed> (high)
[sarge] - mozilla-thunderbird <no-dsa> (Not directly exploitable in Thunderbird)
CVE-2006-XXXX [typo3 mailforms can be abused to send spam]
@@ -13636,6 +13695,7 @@
CVE-2006-1942 (Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, ...)
{DSA-1134-1 DSA-1120 DSA-1118}
NOTE: MFSA-2006-39
+ - firefox 1.5.dfsg+1.5.0.4-1 (low)
- thunderbird <not-affected> (Windows-specific)
- mozilla 2:1.7.13-0.3 (low)
- xulrunner <not-affected> (Windows-specific)
@@ -13742,6 +13802,7 @@
NOT-FOR-US: Turnkey Web Tools SunShop Shopping Cart
CVE-2004-2657 (** DISPUTED ** ...)
- mozilla-firefox <not-affected>
+ - firefox <not-affected>
CVE-1999-1588 (Buffer overflow in nlps_server in Sun Solaris x86 2.4, 2.5, and 2.5.1 ...)
NOT-FOR-US: Sun Solaris
CVE-2006-1906 (Cross-site scripting (XSS) vulnerability in index.php in jjgan852 ...)
@@ -14004,6 +14065,7 @@
NOT-FOR-US: QuickBlogger
CVE-2006-1790 (A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to ...)
{DSA-1051-1 DSA-1046-1}
+ - firefox 1.5
- mozilla-firefox <not-affected> (problematic fix not backported into 1.0.4-2sarge5)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
- thunderbird 1.5.0.2-1
@@ -14107,6 +14169,7 @@
NOT-FOR-US: JBook
CVE-2006-1742 (The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
+ - firefox 1.5.dfsg+1.5.0.2-2 (medium)
- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
- mozilla 2:1.7.13-0.1 (medium)
- thunderbird 1.5.0.2-1 (low)
@@ -14116,59 +14179,69 @@
NOTE: clear if this bug is exploitable.
CVE-2006-1741 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
+ - firefox 1.5.dfsg+1.5.0.2-2 (medium)
- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
- mozilla 2:1.7.13-0.1 (medium)
- thunderbird 1.5.0.2-1 (low)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1740 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
+ - firefox 1.5.dfsg+1.5.0.2-2 (low)
- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (low)
- mozilla 2:1.7.13-0.1 (low)
- thunderbird 1.5.0.2-1 (low)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1739 (The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
+ - firefox 1.5.dfsg+1.5.0.2-2 (medium)
- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
- mozilla 2:1.7.13-0.1 (medium)
- thunderbird 1.5.0.2-1 (low)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1738 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
+ - firefox 1.5.dfsg+1.5.0.2-2 (medium)
- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
- mozilla 2:1.7.13-0.1 (medium)
- thunderbird 1.5.0.2-1 (low)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1737 (Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
+ - firefox 1.5.dfsg+1.5.0.2-2 (medium)
- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
- mozilla 2:1.7.13-0.1 (medium)
- thunderbird 1.5.0.2-1 (low)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1736 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
+ - firefox 1.5.dfsg+1.5.0.2-2 (low)
- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (low)
- mozilla 2:1.7.13-0.1 (low)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
CVE-2006-1735 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
+ - firefox 1.5.dfsg+1.5.0.2-2 (high)
- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (high)
- mozilla 2:1.7.13-0.1 (high)
- thunderbird 1.5.0.2-1 (medium)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
CVE-2006-1734 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
+ - firefox 1.5.dfsg+1.5.0.2-2 (high)
- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (high)
- mozilla 2:1.7.13-0.1 (high)
- thunderbird 1.5.0.2-1 (medium)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
CVE-2006-1733 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
+ - firefox 1.5.dfsg+1.5.0.2-2 (high)
- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (high)
- mozilla 2:1.7.13-0.1 (high)
- thunderbird 1.5.0.2-1 (medium)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
CVE-2006-1732 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
+ - firefox 1.5.dfsg+1.5.0.2-2 (medium)
- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
- mozilla 2:1.7.13-0.1 (medium)
- thunderbird 1.5.0.2-1 (low)
@@ -14176,12 +14249,14 @@
- xulrunner 1.8.0.1-9
CVE-2006-1731 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
+ - firefox 1.5.dfsg+1.5.0.2-2 (medium)
- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
- mozilla 2:1.7.13-0.1 (medium)
- thunderbird 1.5.0.2-1 (low)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1730 (Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
+ - firefox 1.5.dfsg+1.5.0.2-1 (high)
- mozilla-firefox 1.5.dfsg+1.5.0.2-1 (high)
- mozilla 2:1.7.13-0.1 (high)
- thunderbird 1.5.0.2-1 (medium)
@@ -14191,6 +14266,7 @@
- xulrunner 1.8.0.1-9
CVE-2006-1729 (Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla ...)
{DSA-1134-1 DSA-1051-1 DSA-1046-1 DSA-1044-1}
+ - firefox 1.5.dfsg+1.5.0.2-1 (medium)
- mozilla-firefox 1.5.dfsg+1.5.0.2-1 (medium)
- mozilla 2:1.7.13-0.1 (medium)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
@@ -14198,6 +14274,7 @@
NOTE: Can likely be used to steal OpenSSH keys and the like.
CVE-2006-1728 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
+ - firefox 1.5.dfsg+1.5.0.2-1 (high)
- mozilla-firefox 1.5.dfsg+1.5.0.2-1 (high)
- mozilla <unfixed> (high)
- thunderbird 1.5.0.2-1 (medium)
@@ -14205,6 +14282,7 @@
- xulrunner 1.8.0.1-9
CVE-2006-1727 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
+ - firefox 1.5.dfsg+1.5.0.2-1 (medium)
- mozilla-firefox 1.5.dfsg+1.5.0.2-1 (medium)
- mozilla 2:1.7.13-0.1 (medium)
- thunderbird 1.5.0.2-1 (medium)
@@ -14213,14 +14291,17 @@
NOTE: If print preview (and this bug) can be triggered from JavaScript,
NOTE: the urgency should probably be raised.
CVE-2006-1726 (Unspecified vulnerability in Firefox and Thunderbird 1.5 before ...)
+ - firefox 1.5.dfsg+1.5.0.2-1 (high)
- thunderbird 1.5.0.2-1 (medium)
- xulrunner 1.8.0.1-9
NOTE: New bug in Firefox 1.5.
CVE-2006-1725 (Mozilla Firefox 1.5 before 1.5.0.2 and SeaMonkey before 1.0.1 causes ...)
+ - firefox 1.5.dfsg+1.5.0.2-1 (low)
- xulrunner 1.8.0.1-9
NOTE: New bug in Firefox 1.5.
CVE-2006-1724 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
+ - firefox 1.5.dfsg+1.5.0.2-1 (medium)
- mozilla <unfixed> (medium)
- thunderbird 1.5.0.2-1 (low)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
@@ -14230,6 +14311,7 @@
NOTE: default configuration.
CVE-2006-1723 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...)
{DSA-1051-1 DSA-1046-1}
+ - firefox 1.5.dfsg+1.5.0.2 (medium)
- mozilla-firefox <unfixed> (medium)
- mozilla <unfixed> (medium)
- thunderbird 1.5.0.2-1 (low)
@@ -14743,6 +14825,7 @@
NOT-FOR-US: PHP Classifieds
CVE-2006-1531 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...)
{DSA-1046-1}
+ - firefox 1.5.0.2 (medium)
- mozilla-firefox <not-affected> (pre-1.5 version not vulnerable)
- thunderbird 1.5.0.2-1 (low)
- mozilla-thunderbird <not-affected> (pre-1.5 version not vulnerable)
@@ -14752,6 +14835,7 @@
NOTE: default configuration.
CVE-2006-1530 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...)
{DSA-1046-1}
+ - firefox 1.5.0.2 (medium)
- mozilla-firefox <not-affected> (pre-1.5 version not vulnerable)
- thunderbird 1.5.0.2-1 (low)
- mozilla-thunderbird <not-affected> (pre-1.5 version not vulnerable)
@@ -14761,6 +14845,7 @@
NOTE: default configuration.
CVE-2006-1529 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...)
{DSA-1046-1}
+ - firefox 1.5.0.2-1 (medium)
- mozilla-firefox <not-affected> (pre-1.5 version not vulnerable)
- thunderbird 1.5.0.2-1 (low)
- mozilla-thunderbird <not-affected> (pre-1.5 version not vulnerable)
@@ -15909,6 +15994,7 @@
{DSA-1051-1 DSA-1046-1}
- thunderbird 1.5.0.2-1
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
+ - firefox 1.5.dfsg+1.5.0.2-1
- xulrunner 1.8.0.1-9
CVE-2006-1044 (Multiple buffer overflows in LISTSERV 14.3 and 14.4, including ...)
NOT-FOR-US: LISTSERV
@@ -16264,6 +16350,7 @@
{DSA-1051-1 DSA-1046-1}
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
- thunderbird 1.5.0.2-1
+ - firefox 1.5.dfsg+1.5.0.2-1
- xulrunner 1.8.0.1-9
- mozilla 2:1.7.13-0.1
CVE-2003-1295 (Unspecified vulnerability in xscreensaver 4.12, and possibly other ...)
@@ -16566,12 +16653,14 @@
NOT-FOR-US: supersmashbrothers
CVE-2006-0749 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
+ - firefox 1.5.dfsg+1.5.0.2 (low)
- mozilla-firefox 1.5.dfsg+1.5.0.2 (low)
- mozilla 2:1.7.13-0.1 (low)
- thunderbird 1.5.0.2-1 (low)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-0748 (Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
+ - firefox 1.5.dfsg+1.5.0.2-1 (high)
- mozilla-firefox 1.5.dfsg+1.5.0.2-1 (high)
- mozilla 2:1.7.13-0.1 (high)
- thunderbird 1.5.0.2-1 (high)
@@ -16750,6 +16839,7 @@
CVE-2005-4720 (Mozilla Firefox 1.0.7 and earlier on Linux allows remote attackers to ...)
{DSA-1044-1}
- mozilla-firefox 1.5.dfsg+1.5.0.2 (low)
+ - firefox 1.5.dfsg-1
CVE-2005-4719 (Multiple SQL injection vulnerabilities in Sysbotz Systems Panel 1.0.6 ...)
NOT-FOR-US: Sysbotz Systems Panel
CVE-2005-4718 (Opera 8.02 and earlier allows remote attackers to cause a denial of ...)
@@ -17194,6 +17284,7 @@
CVE-2006-0497 (Multiple SQL injection vulnerabilities in PHP GEN before 1.4 allow ...)
NOT-FOR-US: PHP GEN
CVE-2006-0496 (Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and ...)
+ - firefox <removed> (bug #349339)
- iceweasel <unfixed> (bug #349339)
NOTE: mozilla-firefox is now a dummy package, so not vulnerable any more
- mozilla-firefox 1.5.dfsg+1.5.0.3-2 (bug #349339)
@@ -17306,6 +17397,7 @@
NOT-FOR-US: PunBB
CVE-2005-4685 (Firefox and Mozilla can associate a cookie with multiple domains when ...)
NOTE: see CVE-2005-4684
+ - firefox <removed> (unimportant)
- iceweasel <unfixed> (unimportant)
- mozilla <unfixed> (unimportant)
[sarge] - mozilla <no-dsa> (Hardly exploitable)
@@ -17742,39 +17834,47 @@
CVE-2006-0299 (The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird ...)
[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
- mozilla <not-affected> (E4X not implemented in Mozilla 1.7)
+ - firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
[sarge] - mozilla-thunderbird <not-affected> (Only 1.5 is affected)
- thunderbird 1.5.0.2-1
CVE-2006-0298 (The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before ...)
[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
- mozilla <not-affected> (Mozilla 1.7 is not affected)
+ - firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
[sarge] - mozilla-thunderbird <not-affected> (Only 1.5 is affected)
- thunderbird 1.5.0.2-1
CVE-2006-0297 (Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if ...)
[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
- mozilla <not-affected> (Mozilla 1.7 is not affected)
+ - firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
[sarge] - mozilla-thunderbird <not-affected> (Only 1.5 is affected)
- thunderbird 1.5.0.2-1
- xulrunner 1.8.0.1-9
CVE-2006-0296 (The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
+ - firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
- mozilla 2:1.7.13-0.1
- thunderbird 1.5.0.2-1
CVE-2006-0295 (Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, ...)
+ - firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
[sarge] - mozilla-firefox <not-affected>
[sarge] - mozilla-thunderbird <not-affected> (Only 1.5 is affected)
- thunderbird 1.5.0.2-1
CVE-2006-0294 (Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript ...)
+ - firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
[sarge] - mozilla-thunderbird <not-affected> (Only 1.5 is affected)
- mozilla-thunderbird <unfixed>
- thunderbird 1.5.0.2-1
CVE-2006-0293 (The function allocation code (js_NewFunction in jsfun.c) in Firefox ...)
{DSA-1051-1 DSA-1046-1}
+ - firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
- mozilla 2:1.7.13-0.1
CVE-2006-0292 (The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
+ - firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
[sarge] - mozilla-firefox 1.0.4-2sarge6
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
- thunderbird 1.5.0.2-1
@@ -19537,6 +19637,7 @@
NOT-FOR-US: SimpleBBS
CVE-2005-4134 (Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
+ - firefox 1.5.dfsg+1.5.0.2-2 (unimportant)
- mozilla 2:1.7.13-0.1 (unimportant)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (unimportant)
NOTE: Not exploitable beyond a sluggish browser startup, see
@@ -20170,6 +20271,7 @@
NOTE: Not reproducible with konqueror 4:3.4.2-4.
CVE-2005-3896 (Mozilla allows remote attackers to cause a denial of service (CPU ...)
NOTE: maintainers don't believe it is a security bug and can't reproduce after 1.5.dfsg-1
+ - firefox 1.5.dfsg-1 (bug #340283; bug #345469; unimportant)
- mozilla-firefox 1.4.99+1.5rc3.dfsg-2 (bug #340283; bug #345469; unimportant)
- mozilla <unfixed> (bug #340282; unimportant)
CVE-2005-3895 (Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 ...)
@@ -25012,6 +25114,7 @@
CVE-2005-2415 (Multiple SQL injection vulnerabilities in Contrexx before 1.0.5 allow ...)
NOT-FOR-US: Contrexx
CVE-2005-2414 (Race condition in the xpcom library, as used by web browsers such as ...)
+ - firefox 1.5.dfsg-1 (unimportant)
- mozilla-firefox <unfixed> (bug #327549; unimportant)
- mozilla <unfixed> (bug #327550; unimportant)
- iceweasel <not-affected>
@@ -25083,6 +25186,7 @@
CVE-2005-2396 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.4.6 and ...)
- mediawiki 1.4.9 (bug #276057)
CVE-2005-2395 (Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the ...)
+ - firefox <removed> (bug #320539; unimportant)
- iceweasel <unfixed> (bug #320539; unimportant)
- mozilla-firefox 1.4.99+1.5rc3.dfsg-2 (bug #320539; unimportant)
- mozilla <unfixed> (bug #320538; unimportant)
@@ -29553,6 +29657,7 @@
{DSA-1051-1 DSA-1046-1}
- mozilla-thunderbird 1.0.6-1 (bug #306893; low)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
+ - firefox 1.5.dfsg+1.5.0.2-1
- thunderbird 1.5.0.2-1
- xulrunner 1.8.0.1-9
CVE-2005-XXXX [Directory traversal in unzoo]
@@ -32472,6 +32577,7 @@
NOTE: hard disc, well than you have "DoSed" yourself, congratulations.
NOTE: It's reproducable with 1.0.2, but I doubt it will ever be "fixed", as HTML parsers
NOTE: generally try to make sense of anything even remotely resembling HTML.
+ - firefox <removed> (unimportant)
- iceweasel <unfixed> (unimportant)
- mozilla <unfixed> (unimportant)
CVE-2004-1638 (Buffer overflow in MailCarrier 2.51 allows remote attackers to execute ...)
More information about the Secure-testing-commits
mailing list