[Secure-testing-commits] r6152 - data/CVE

jmm-guest at alioth.debian.org jmm-guest at alioth.debian.org
Thu Jul 19 07:53:05 UTC 2007 

Author: jmm-guest
Date: 2007-07-19 07:53:04 +0000 (Thu, 19 Jul 2007)
New Revision: 6152

Modified:
   data/CVE/list
Log:
new mozilla issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-07-18 22:08:52 UTC (rev 6151)
+++ data/CVE/list	2007-07-19 07:53:04 UTC (rev 6152)
@@ -47,16 +47,23 @@
 	RESERVED
 CVE-2007-3739
 	RESERVED
-CVE-2007-3738
+CVE-2007-3738 [Firefox XPCNativeWrapper code injection]
 	RESERVED
-CVE-2007-3737
+	- iceweasel <unfixed> (medium)
+CVE-2007-3737 [Firefox insecure event handler code injection]
 	RESERVED
-CVE-2007-3736
+	- iceweasel <unfixed>
+CVE-2007-3736 [Firefox addEventListener() and setTimeout () same-origin bypass]
 	RESERVED
-CVE-2007-3735
+	- iceweasel <unfixed> (high)
+CVE-2007-3735 [memory corruption in layout engine]
 	RESERVED
-CVE-2007-3734
+	- iceweasel <unfixed> (high)
+	- icedove <unfixed> (high)
+CVE-2007-3734 [memory corruption in js engine]
 	RESERVED
+	- iceweasel <unfixed> (high)
+	- icedove <unfixed> (high)
 CVE-2007-3733
 	RESERVED
 CVE-2007-3732
@@ -186,7 +193,8 @@
 CVE-2007-3671 (Unspecified vulnerability in the kernel in Microsoft Windows Vista has ...)
 	TODO: check
 CVE-2007-3670 (Argument injection vulnerability in Microsoft Internet Explorer, when ...)
-	TODO: check
+	- iceweasel <not-affected> (Only affects Firefox/Thunderbird on Windows)
+	- icedove <not-affected> (Only affects Firefox/Thunderbird on Windows)
 CVE-2007-3669 (Multiple unspecified vulnerabilities in the Innovasys DockStudioXP ...)
 	TODO: check
 CVE-2007-3668 (Multiple unspecified vulnerabilities in NMSDVDXU.DLL in NuMedia ...)
@@ -214,7 +222,7 @@
 CVE-2007-3657 (** DISPUTED ** ...)
 	TODO: check
 CVE-2007-3656 (Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not ...)
-	TODO: check
+	- iceweasel <unfixed> (medium)
 CVE-2007-3655 (Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE ...)
 	TODO: check
 CVE-2007-3654
@@ -1085,11 +1093,11 @@
 CVE-2007-3286
 	RESERVED
 CVE-2007-3285 (Mozilla Firefox allows remote attackers to bypass file type checks via ...)
-	- iceweasel <unfixed> (medium)
-	- iceape <unfixed> (medium)
-	- firefox <removed> (medium)
-	- mozilla <removed> (medium)
-	- xulrunner <unfixed> (medium)
+	- iceweasel <unfixed> (low)
+	- iceape <unfixed> (low)
+	- firefox <removed> (low)
+	- mozilla <removed> (low)
+	- xulrunner <unfixed> (low)
 CVE-2007-3284 (corefoundation.dll in Apple Safari 3.0.1 (552.12.2) for Windows allows ...)
 	NOT-FOR-US: Apple Safari
 CVE-2007-3283 (GNOME XScreenSaver in Sun Solaris 8 and 9 before 20070417, when root ...)

More information about the Secure-testing-commits mailing list