[Secure-testing-commits] r41232 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Wed Apr 27 11:55:04 UTC 2016
Author: jmm
Date: 2016-04-27 11:55:04 +0000 (Wed, 27 Apr 2016)
New Revision: 41232
Modified:
data/CVE/list
Log:
iceweasel is removed from sid
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-04-27 11:50:38 UTC (rev 41231)
+++ data/CVE/list 2016-04-27 11:55:04 UTC (rev 41232)
@@ -3469,7 +3469,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/
CVE-2016-2805 [Memory safety bug fixed in Firefox ESR 38.8]
RESERVED
- - iceweasel <unfixed>
+ - iceweasel <removed>
- firefox-esr <not-affected> (Only affects Firefox ESR 38.x)
- firefox <not-affected> (Only affects Firefox ESR 38.x)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/
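Review bot: At CVE-2016-2805 the only package line that was not `<not-affected>` becomes `<removed>`, and the visible entry has no DSA cross-reference and no release-tagged iceweasel line, although the description says the bug was fixed in Firefox ESR 38.8. Suggest recording the iceweasel status for the releases that still carry the package (a `[release] - iceweasel ...` line, as used at other entries in this file) in the same change, so the entry does not rest on the `<removed>` marker alone.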
@@ -3483,7 +3483,7 @@
RESERVED
CVE-2016-2802 (The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in ...)
{DSA-3520-1 DSA-3515-1 DSA-3510-1}
- - iceweasel <unfixed>
+ - iceweasel <removed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
- icedove 38.7.0-1
@@ -3491,7 +3491,7 @@
- graphite2 1.3.6-1
CVE-2016-2801 (The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp ...)
{DSA-3520-1 DSA-3515-1 DSA-3510-1}
- - iceweasel <unfixed>
+ - iceweasel <removed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
- icedove 38.7.0-1
@@ -3499,7 +3499,7 @@
- graphite2 1.3.6-1
CVE-2016-2800 (The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before ...)
{DSA-3520-1 DSA-3515-1 DSA-3510-1}
- - iceweasel <unfixed>
+ - iceweasel <removed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
- icedove 38.7.0-1
@@ -3507,7 +3507,7 @@
- graphite2 1.3.6-1
CVE-2016-2799 (Heap-based buffer overflow in the graphite2::Slot::setAttr function in ...)
{DSA-3520-1 DSA-3515-1 DSA-3510-1}
- - iceweasel <unfixed>
+ - iceweasel <removed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
- icedove 38.7.0-1
@@ -3515,7 +3515,7 @@
- graphite2 1.3.6-1
CVE-2016-2798 (The graphite2::GlyphCache::Loader::Loader function in Graphite 2 ...)
{DSA-3520-1 DSA-3515-1 DSA-3510-1}
- - iceweasel <unfixed>
+ - iceweasel <removed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
- icedove 38.7.0-1
@@ -3523,7 +3523,7 @@
- graphite2 1.3.6-1
CVE-2016-2797 (The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 ...)
{DSA-3520-1 DSA-3515-1 DSA-3510-1}
- - iceweasel <unfixed>
+ - iceweasel <removed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
- icedove 38.7.0-1
@@ -3531,7 +3531,7 @@
- graphite2 1.3.6-1
CVE-2016-2796 (Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code ...)
{DSA-3520-1 DSA-3515-1 DSA-3510-1}
- - iceweasel <unfixed>
+ - iceweasel <removed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
- icedove 38.7.0-1
@@ -3539,7 +3539,7 @@
- graphite2 1.3.6-1
CVE-2016-2795 (The graphite2::FileFace::get_table_fn function in Graphite 2 before ...)
{DSA-3520-1 DSA-3515-1 DSA-3510-1}
- - iceweasel <unfixed>
+ - iceweasel <removed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
- icedove 38.7.0-1
@@ -3547,7 +3547,7 @@
- graphite2 1.3.6-1
CVE-2016-2794 (The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in ...)
{DSA-3520-1 DSA-3515-1 DSA-3510-1}
- - iceweasel <unfixed>
+ - iceweasel <removed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
- icedove 38.7.0-1
@@ -3555,7 +3555,7 @@
- graphite2 1.3.6-1
CVE-2016-2793 (CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox ...)
{DSA-3520-1 DSA-3515-1 DSA-3510-1}
- - iceweasel <unfixed>
+ - iceweasel <removed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
- icedove 38.7.0-1
@@ -3563,7 +3563,7 @@
- graphite2 1.3.6-1
CVE-2016-2792 (The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before ...)
{DSA-3520-1 DSA-3515-1 DSA-3510-1}
- - iceweasel <unfixed>
+ - iceweasel <removed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
- icedove 38.7.0-1
@@ -3571,7 +3571,7 @@
- graphite2 1.3.6-1
CVE-2016-2791 (The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, ...)
{DSA-3520-1 DSA-3515-1 DSA-3510-1}
- - iceweasel <unfixed>
+ - iceweasel <removed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
- icedove 38.7.0-1
@@ -3579,7 +3579,7 @@
- graphite2 1.3.6-1
CVE-2016-2790 (The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before ...)
{DSA-3520-1 DSA-3515-1 DSA-3510-1}
- - iceweasel <unfixed>
+ - iceweasel <removed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
- icedove 38.7.0-1
@@ -6383,7 +6383,7 @@
CVE-2016-1980
RESERVED
CVE-2016-1979 (Use-after-free vulnerability in the ...)
- - iceweasel <unfixed>
+ - iceweasel <removed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
@@ -6402,7 +6402,7 @@
- nss 2:3.21-1
CVE-2016-1977 (The Machine::Code::decoder::analysis::set_ref function in Graphite 2 ...)
{DSA-3520-1 DSA-3515-1 DSA-3510-1}
- - iceweasel <unfixed>
+ - iceweasel <removed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
- icedove 38.7.0-1
@@ -6414,13 +6414,13 @@
- iceweasel <not-affected> (Windows-specific)
CVE-2016-1974 (The nsScannerString::AppendUnicodeTo function in Mozilla Firefox ...)
{DSA-3520-1 DSA-3510-1}
- - iceweasel <unfixed>
+ - iceweasel <removed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
- icedove 38.7.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-34/
CVE-2016-1973 (Race condition in the GetStaticInstance function in the WebRTC ...)
- - iceweasel <unfixed>
+ - iceweasel <removed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
@@ -6440,7 +6440,7 @@
- firefox-esr 45.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-38/
CVE-2016-1968 (Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, ...)
- - iceweasel <unfixed>
+ - iceweasel <removed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
@@ -6449,7 +6449,7 @@
- brotli 0.3.0+dfsg-3 (bug #817233)
NOTE: https://github.com/google/brotli/commit/37a320dd81db8d546cd24a45b4c61d87b45dcade
CVE-2016-1967 (Mozilla Firefox before 45.0 does not properly restrict the ...)
- - iceweasel <unfixed>
+ - iceweasel <removed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
@@ -6457,26 +6457,26 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-29/
CVE-2016-1966 (The nsNPObjWrapper::GetNewOrUsed function in ...)
{DSA-3520-1 DSA-3510-1}
- - iceweasel <unfixed>
+ - iceweasel <removed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
- icedove 38.7.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-31/
CVE-2016-1965 (Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle ...)
{DSA-3510-1}
- - iceweasel <unfixed>
+ - iceweasel <removed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-28/
CVE-2016-1964 (Use-after-free vulnerability in the AtomicBaseIncDec function in ...)
{DSA-3520-1 DSA-3510-1}
- - iceweasel <unfixed>
+ - iceweasel <removed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
- icedove 38.7.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-27/
CVE-2016-1963 (The FileReader class in Mozilla Firefox before 45.0 allows local users ...)
- - iceweasel <unfixed>
+ - iceweasel <removed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
@@ -6484,21 +6484,21 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-26/
CVE-2016-1962 (Use-after-free vulnerability in the ...)
{DSA-3520-1 DSA-3510-1}
- - iceweasel <unfixed>
+ - iceweasel <removed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
- icedove 38.7.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-25/
CVE-2016-1961 (Use-after-free vulnerability in the nsHTMLDocument::SetBody function ...)
{DSA-3520-1 DSA-3510-1}
- - iceweasel <unfixed>
+ - iceweasel <removed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
- icedove 38.7.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-24/
CVE-2016-1960 (Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string ...)
{DSA-3520-1 DSA-3510-1}
- - iceweasel <unfixed>
+ - iceweasel <removed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
- icedove 38.7.0-1
@@ -6506,32 +6506,32 @@
CVE-2016-1959 (The ServiceWorkerManager class in Mozilla Firefox before 45.0 allows ...)
- firefox-esr 45.0esr-1
- firefox 45.0-1
- - iceweasel <unfixed>
+ - iceweasel <removed>
[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-22/
CVE-2016-1958 (browser/base/content/browser.js in Mozilla Firefox before 45.0 and ...)
{DSA-3510-1}
- - iceweasel <unfixed>
+ - iceweasel <removed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-21/
CVE-2016-1957 (Memory leak in libstagefright in Mozilla Firefox before 45.0 and ...)
{DSA-3520-1 DSA-3510-1}
- - iceweasel <unfixed>
+ - iceweasel <removed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
- icedove 38.7.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-20/
CVE-2016-1956 (Mozilla Firefox before 45.0 on Linux, when an Intel video driver is ...)
- - iceweasel <unfixed>
+ - iceweasel <removed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-19/
CVE-2016-1955 (Mozilla Firefox before 45.0 allows remote attackers to bypass the Same ...)
- - iceweasel <unfixed>
+ - iceweasel <removed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
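Review bot: Style point at CVE-2016-1959: the iceweasel line sits after the firefox-esr and firefox lines, while the other entries in this hunk (CVE-2016-1958 through CVE-2016-1955) list iceweasel first. Since the line is being touched anyway, consider moving it to the top of the entry and placing the `[jessie]` and `[wheezy]` iceweasel lines after the firefox lines, as at CVE-2016-1956.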
@@ -6539,13 +6539,13 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-18/
CVE-2016-1954 (The nsCSPContext::SendReports function in ...)
{DSA-3520-1 DSA-3510-1}
- - iceweasel <unfixed>
+ - iceweasel <removed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
- icedove 38.7.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-17/
CVE-2016-1953 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- - iceweasel <unfixed>
+ - iceweasel <removed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
@@ -6553,7 +6553,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-16/
CVE-2016-1952 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
{DSA-3510-1}
- - iceweasel <unfixed>
+ - iceweasel <removed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-16/
@@ -6561,7 +6561,7 @@
RESERVED
CVE-2016-1950 (Heap-based buffer overflow in Mozilla Network Security Services (NSS) ...)
{DSA-3520-1 DSA-3510-1}
- - iceweasel <unfixed>
+ - iceweasel <removed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
- icedove 38.7.0-1
@@ -6569,7 +6569,7 @@
- nss 2:3.23-1
NOTE: NSS fixed in 3.21.1
CVE-2016-1949 (Mozilla Firefox before 44.0.2 does not properly restrict the ...)
- - iceweasel <unfixed>
+ - iceweasel <removed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
@@ -66475,7 +66475,7 @@
CVE-2013-6243 (SQL injection vulnerability in the Landing Pages plugin 1.2.3, before ...)
NOT-FOR-US: WordPress Landing Pages Plugin
CVE-2013-6167 (Mozilla Firefox through 27 sends HTTP Cookie headers without first ...)
- - iceweasel <unfixed> (unimportant)
+ - iceweasel <removed> (unimportant)
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=858215
CVE-2013-6166 (Google Chrome before 29 sends HTTP Cookie headers without first ...)
- chromium-browser 31.0.1650.57-1 (low)
@@ -101090,7 +101090,7 @@
CVE-2011-4689 (Microsoft Internet Explorer 6 through 9 does not prevent capture of ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-4688 (Mozilla Firefox 8.0.1 and earlier does not prevent capture of data ...)
- - iceweasel <unfixed> (unimportant)
+ - iceweasel <removed> (unimportant)
CVE-2011-4687 (Opera before 11.60 allows remote attackers to cause a denial of ...)
NOT-FOR-US: Opera
CVE-2011-4686 (Unspecified vulnerability in the Web Workers implementation in Opera ...)
@@ -114918,7 +114918,7 @@
NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0082 (The X.509 certificate validation functionality in Mozilla Firefox ...)
- xulrunner <removed> (unimportant)
- - iceweasel <unfixed> (unimportant; bug #627552)
+ - iceweasel <removed> (unimportant; bug #627552)
NOTE: Negligable impact
CVE-2011-0081 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...)
{DSA-2235-1 DSA-2228-1 DSA-2227-1}
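Review bot: At CVE-2011-0082 the iceweasel line keeps its reference to bug #627552 after the switch to `<removed>`. If that bug is still open it now points at a package that is gone from sid, so it is worth checking whether it should be closed or reassigned. The context line `NOTE: Negligable impact` also carries a spelling error (Negligible) that could be fixed in passing.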
@@ -133248,7 +133248,7 @@
NOTE: This is a web site issue (open redirector), not a browser problem.
CVE-2009-3014 (Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; ...)
NOTE: This is a web site issue (open redirector), not a browser problem.
- - iceweasel <unfixed> (unimportant)
+ - iceweasel <removed> (unimportant)
CVE-2009-3013 (Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not properly ...)
NOT-FOR-US: Opera
CVE-2009-3012 (Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre ...)
@@ -133258,7 +133258,7 @@
NOTE: This is a web site issue (open redirector), not a browser problem.
CVE-2009-3010 (Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; ...)
NOTE: This is a web site issue (open redirector), not a browser problem.
- - iceweasel <unfixed> (unimportant)
+ - iceweasel <removed> (unimportant)
CVE-2009-3009 (Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before ...)
{DSA-1887-1}
- rails 2.2.3-1 (low; bug #545063)
@@ -140712,7 +140712,7 @@
CVE-2008-6399 (Unspecified vulnerability in DotNetNuke 4.5.2 through 4.9 allows ...)
NOT-FOR-US: DotNetNuke
CVE-2009-0821 (Mozilla Firefox 2.0.0.20 and earlier allows remote attackers to cause ...)
- - iceweasel <unfixed> (unimportant)
+ - iceweasel <removed> (unimportant)
NOTE: Browser DoS not treated as security issues
CVE-2009-0820 (Multiple eval injection vulnerabilities in phpScheduleIt before 1.2.11 ...)
NOT-FOR-US: phpScheduleIt
@@ -143802,7 +143802,7 @@
CVE-2009-0072 (Microsoft Internet Explorer 6.0 through 8.0 beta2 allows remote ...)
NOT-FOR-US: Internet Explorer
CVE-2009-0071 (Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is ...)
- - iceweasel <unfixed> (unimportant)
+ - iceweasel <removed> (unimportant)
NOTE: Browser crashes not treated as security issues
CVE-2009-0070 (Integer signedness error in Apple Safari allows remote attackers to ...)
NOT-FOR-US: Apple Safari
@@ -144231,7 +144231,7 @@
NOTE: this issue was introduced as a fix to CVE-2008-4405, which has not
NOTE: yet been fixed in Debian
CVE-2008-5715 (Mozilla Firefox 3.0.5 on Windows Vista allows remote attackers to ...)
- - iceweasel <unfixed> (unimportant)
+ - iceweasel <removed> (unimportant)
NOTE: Browser crashes not treated as security issues
CVE-2008-5714 (Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for ...)
{DSA-1907-1 DTSA-203-1}
@@ -147780,7 +147780,7 @@
CVE-2008-4325 (lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the ...)
- viewvc 1.0.9-1 (bug #500779; unimportant)
CVE-2008-4324 (The user interface event dispatcher in Mozilla Firefox 3.0.3 on ...)
- - iceweasel <unfixed> (unimportant)
+ - iceweasel <removed> (unimportant)
NOTE: reproducible but browser DoS not treated as security issue
CVE-2008-4323 (Windows Explorer in Microsoft Windows XP SP3 allows user-assisted ...)
NOT-FOR-US: Windows Explorer
@@ -150029,7 +150029,7 @@
CVE-2008-3445 (SQL injection vulnerability in index.php in phpMyRealty (PMR) 2.0.0 ...)
NOT-FOR-US: phpMyRealty
CVE-2008-3444 (The content layout component in Mozilla Firefox 3.0 and 3.0.1 allows ...)
- - iceweasel <unfixed> (unimportant)
+ - iceweasel <removed> (unimportant)
NOTE: browser dos not treated as security issues
CVE-2008-3443 (The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, ...)
{DSA-1695-1}
@@ -153371,7 +153371,7 @@
CVE-2008-2015 (Multiple absolute path traversal vulnerabilities in certain ActiveX ...)
NOT-FOR-US: WatchFire
CVE-2008-2014 (Mozilla Firefox 3.0 beta 5 allows remote attackers to cause a denial ...)
- - iceweasel <unfixed> (unimportant)
+ - iceweasel <removed> (unimportant)
NOTE: Browser crashes / hangs not treated as security issues
CVE-2008-2013 (SQL injection vulnerability in index.php in the pnFlashGames 1.5 ...)
NOT-FOR-US: pnFlashGames
@@ -153703,7 +153703,7 @@
CVE-2008-1879
RESERVED
CVE-2007-6715 (Mozilla Firefox allows remote attackers to cause a denial of service ...)
- - iceweasel <unfixed> (unimportant)
+ - iceweasel <removed> (unimportant)
NOTE: browser dos not treated as security issues
NOTE: cant reproduce on 2.0.0.12-1 and 2.0.0.14-2, already fixed?
CVE-2008-2041 (Multiple unspecified vulnerabilities in eGroupWare before 1.4.004 have ...)
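Review bot: At CVE-2007-6715 the second NOTE asks whether the issue is already fixed (not reproducible on 2.0.0.12-1 and 2.0.0.14-2), and marking iceweasel `<removed>` leaves that question unanswered. If it was fixed, a fixed version would be more accurate than `<removed>`; otherwise consider rewording the NOTE so the entry does not end on an open question about a package that is no longer in sid.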
@@ -160229,7 +160229,7 @@
CVE-2007-5897 (Buffer overflow in MDSYS.SDO_CS in Oracle Database Server 8iR3, 9iR1, ...)
NOT-FOR-US: Oracle
CVE-2007-5896 (Mozilla Firefox 2.0.0.9 allows remote attackers to cause a denial of ...)
- - iceweasel <unfixed> (unimportant)
+ - iceweasel <removed> (unimportant)
NOTE: Browser crashes not treated as security problems
CVE-2007-5895
RESERVED
@@ -162017,7 +162017,7 @@
NOTE: The underlying PHP issue has been fixed in DSA 1206.
NOTE: Plus, register_globals is not supported in Debian
CVE-2007-5415 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox 2.0, when ...)
- - iceweasel <unfixed> (unimportant)
+ - iceweasel <removed> (unimportant)
NOTE: if you are on a site which allows UTF-7 sure you need to sanitize the
NOTE: equivalent strings in UTF-7
NOTE: referring to the mozilla security team this is a non-issue and a duplicate of
@@ -164861,7 +164861,7 @@
CVE-2007-4357 (Mozilla Firefox 2.0.0.6 and earlier allows remote attackers to spoof ...)
- mozilla-firefox <removed> (unimportant)
- mozilla <removed> (unimportant)
- - iceweasel <unfixed> (unimportant)
+ - iceweasel <removed> (unimportant)
- iceape <removed> (unimportant)
CVE-2007-4356 (Microsoft Internet Explorer 6 and 7 embeds FTP credentials in HTML ...)
NOT-FOR-US: Microsoft Internet Explorer
@@ -168981,7 +168981,7 @@
CVE-2007-2672 (SQL injection vulnerability in index.php in PHP Coupon Script 3.0 ...)
NOT-FOR-US: PHP Coupon Script
CVE-2007-2671 (Mozilla Firefox 2.0.0.3 allows remote attackers to cause a denial of ...)
- - iceweasel <unfixed> (unimportant)
+ - iceweasel <removed> (unimportant)
NOTE: Browser crashes not treated as security problems
CVE-2007-2670 (PHPChain 1.0 and earlier allows remote attackers to obtain the ...)
NOT-FOR-US: PHPChain
@@ -170220,7 +170220,7 @@
CVE-2007-2163 (Apple Safari allows remote attackers to cause a denial of service ...)
NOT-FOR-US: Apple Safari
CVE-2007-2162 ((1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote ...)
- - iceweasel <unfixed> (unimportant)
+ - iceweasel <removed> (unimportant)
NOTE: Browser crashes are not treated as security problems
CVE-2007-2161 (Microsoft Internet Explorer 7 allows remote attackers to cause a ...)
NOT-FOR-US: Microsoft Internet Explorer
@@ -170666,7 +170666,7 @@
CVE-2007-1971 (SQL injection vulnerability in fotokategori.asp in Gazi Okul Sitesi ...)
NOT-FOR-US: fotokategori.asp
CVE-2007-1970 (Mozilla Firefox does not warn the user about HTTP elements on an HTTPS ...)
- - iceweasel <unfixed> (unimportant; bug #556267)
+ - iceweasel <removed> (unimportant; bug #556267)
[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
[lenny] - iceweasel <no-dsa> (Minor issue)
CVE-2007-1969 (Cross-site scripting (XSS) vulnerability in admin/modify.php in Sam ...)
@@ -171225,7 +171225,7 @@
CVE-2007-1737 (Opera 9.10 does not check URLs embedded in (1) object or (2) iframe ...)
NOT-FOR-US: Opera
CVE-2007-1736 (Mozilla Firefox 2.0.0.3 does not check URLs embedded in (1) object or ...)
- - iceweasel <unfixed> (unimportant)
+ - iceweasel <removed> (unimportant)
NOTE: I don't believe this has relevant security impact, such a black list
NOTE: will register URLs found in the wild and the used adresses will be
NOTE: volatile anyway
@@ -172575,7 +172575,7 @@
CVE-2007-1257 (The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, ...)
NOT-FOR-US: Cisco
CVE-2007-1256 (Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address ...)
- - iceweasel <unfixed> (unimportant)
+ - iceweasel <removed> (unimportant)
NOTE: Not exploitable
CVE-2007-1255 (Unrestricted file upload vulnerability in admin.bbcode.php in ...)
NOT-FOR-US: Connectix Boards
@@ -172990,7 +172990,7 @@
CVE-2007-1085 (Cross-site scripting (XSS) vulnerability in Google Desktop allows ...)
NOT-FOR-US: Google Desktop
CVE-2007-1084 (Mozilla Firefox 2.0.0.1 and earlier does not prompt users before ...)
- - iceweasel <unfixed> (unimportant; bug #556268)
+ - iceweasel <removed> (unimportant; bug #556268)
- iceape <removed> (unimportant)
- epiphany-browser <unfixed> (unimportant; bug #556272)
NOTE: only epiphany-gecko backend affected
@@ -174745,7 +174745,7 @@
CVE-2006-6955 (Opera allows remote attackers to cause a denial of service ...)
NOT-FOR-US: Opera
CVE-2006-6954 (Flock beta 1 0.7 allows remote attackers to cause a denial of service ...)
- - iceweasel <unfixed> (unimportant)
+ - iceweasel <removed> (unimportant)
NOTE: Browser crashes not treated as security problems
NOTE: Tested the proof of concept in iceweasel 2.0.0.1 and it crash.
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=239840
@@ -178866,7 +178866,7 @@
CVE-2006-5633 (Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers ...)
- firefox 45.0-1 (unimportant)
- firefox-esr 45.0esr-1 (unimportant)
- - iceweasel <unfixed> (unimportant)
+ - iceweasel <removed> (unimportant)
- icedove <unfixed> (unimportant)
- mozilla <removed> (unimportant)
- xulrunner <unfixed> (unimportant)
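Review bot: At CVE-2006-5633 the firefox and firefox-esr lines carry fixed versions (45.0-1 and 45.0esr-1), while iceweasel was `<unfixed>` up to this revision and icedove and xulrunner still are. Worth confirming that those fixed versions are intended rather than an artifact of introducing the firefox packages; if the issue is still present, `<unfixed> (unimportant)` on the firefox lines would keep the entry consistent. The same pattern appears at CVE-2006-2723 in the next hunk.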
@@ -185526,7 +185526,7 @@
CVE-2006-2723 (Unspecified versions of Mozilla Firefox allow remote attackers to ...)
- firefox 45.0-1 (unimportant)
- firefox-esr 45.0esr-1 (unimportant)
- - iceweasel <unfixed> (unimportant)
+ - iceweasel <removed> (unimportant)
- mozilla <removed> (unimportant)
- mozilla-firefox <removed> (unimportant)
- xulrunner <unfixed> (unimportant)
@@ -191055,7 +191055,7 @@
CVE-2005-4685 (Firefox and Mozilla can associate a cookie with multiple domains when ...)
NOTE: see CVE-2005-4684
- firefox <removed> (unimportant)
- - iceweasel <unfixed> (unimportant)
+ - iceweasel <removed> (unimportant)
- mozilla <removed> (unimportant)
[sarge] - mozilla <no-dsa> (Hardly exploitable)
- xulrunner <unfixed> (unimportant)
@@ -198848,7 +198848,7 @@
- mediawiki 1.4.9 (bug #276057)
CVE-2005-2395 (Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the ...)
- firefox <removed> (bug #320539; unimportant)
- - iceweasel <unfixed> (bug #320539; unimportant)
+ - iceweasel <removed> (bug #320539; unimportant)
- mozilla-firefox 1.4.99+1.5rc3.dfsg-2 (bug #320539; unimportant)
- mozilla <removed> (bug #320538; unimportant)
NOTE: Firefox and Mozilla follow RFC behaviour. This is more a lack of security
@@ -206243,7 +206243,7 @@
NOTE: It's reproducable with 1.0.2, but I doubt it will ever be "fixed", as HTML parsers
NOTE: generally try to make sense of anything even remotely resembling HTML.
- firefox <removed> (unimportant)
- - iceweasel <unfixed> (unimportant)
+ - iceweasel <removed> (unimportant)
- mozilla <removed> (unimportant)
CVE-2004-1638 (Buffer overflow in MailCarrier 2.51 allows remote attackers to execute ...)
NOT-FOR-US: mailcarrier