diff options
author | Simon L. B. Nielsen <simon@FreeBSD.org> | 2007-07-19 21:23:58 +0000 |
---|---|---|
committer | Simon L. B. Nielsen <simon@FreeBSD.org> | 2007-07-19 21:23:58 +0000 |
commit | 04c38e3a79cc8789fbd51dfe60a00f1112de1075 (patch) | |
tree | 3e061dc0ba4ca6b751389ecdfc228be6b8960905 | |
parent | 1e7cba41b4657e16f09dd7cedf0b13fe4fbf2eca (diff) | |
download | ports-04c38e3a79cc8789fbd51dfe60a00f1112de1075.tar.gz ports-04c38e3a79cc8789fbd51dfe60a00f1112de1075.zip |
Notes
-rw-r--r-- | security/vuxml/vuln.xml | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 041776c04995..6403dc00b425 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,82 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="e190ca65-3636-11dc-a697-000c6ec775d9"> + <topic>mozilla -- multiple vulnerabilities</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>2.0.0.5,1</lt></range> + <range><gt>3.*,1</gt></range> + </package> + <package> + <name>linux-firefox</name> + <name>linux-thunderbird</name> + <name>mozilla-thunderbird</name> + <name>thunderbird</name> + <range><lt>2.0.0.5</lt></range> + </package> + <!-- Packages which probably will be upgraded --> + <package> + <name>seamonkey</name> + <name>linux-seamonkey</name> + <range><gt>0</gt></range> + </package> + <package> + <name>linux-firefox-devel</name> + <range><gt>0</gt></range> + </package> + <package> + <name>linux-seamonkey-devel</name> + <range><gt>0</gt></range> + </package> + <!-- Deprecated/old names --> + <package> + <name>firefox-ja</name> + <name>linux-mozilla-devel</name> + <name>linux-mozilla</name> + <name>mozilla</name> + <range><gt>0</gt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The Mozilla Foundation reports of multiple security issues + in Firefox, Seamonkey, and Thunderbird. Several of these + issues can probably be used to run arbitrary code with the + privilege of the user running the program.</p> + <blockquote cite="http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.2"> + <ul> + <li>MFSA 2007-25 XPCNativeWrapper pollution</li> + <li>MFSA 2007-24 Unauthorized access to wyciwyg:// documents</li> + <li>MFSA 2007-21 Privilege escalation using an event + handler attached to an element not in the document</li> + <li>MFSA 2007-20 Frame spoofing while window is loading</li> + <li>MFSA 2007-19 XSS using addEventListener and setTimeout</li> + <li>MFSA 2007-18 Crashes with evidence of memory corruption</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2007-3089</cvename> + <cvename>CVE-2007-3734</cvename> + <cvename>CVE-2007-3735</cvename> + <cvename>CVE-2007-3737</cvename> + <cvename>CVE-2007-3738</cvename> + <url>http://www.mozilla.org/security/announce/2007/mfsa2007-25.html</url> + <url>http://www.mozilla.org/security/announce/2007/mfsa2007-24.html</url> + <url>http://www.mozilla.org/security/announce/2007/mfsa2007-21.html</url> + <url>http://www.mozilla.org/security/announce/2007/mfsa2007-20.html</url> + <url>http://www.mozilla.org/security/announce/2007/mfsa2007-19.html</url> + <url>http://www.mozilla.org/security/announce/2007/mfsa2007-18.html</url> + </references> + <dates> + <discovery>2007-07-17</discovery> + <entry>2007-07-19</entry> + </dates> + </vuln> + <vuln vid="b42e8c32-34f6-11dc-9bc9-001921ab2fa4"> <topic>linux-flashplugin -- critical vulnerabilities</topic> <affects> |