diff options
| author | Simon L. B. Nielsen <simon@FreeBSD.org> | 2007-02-24 18:30:40 +0000 |
|---|---|---|
| committer | Simon L. B. Nielsen <simon@FreeBSD.org> | 2007-02-24 18:30:40 +0000 |
| commit | 8f441b95bd0796543872eb33e8ad655c2487ea8e (patch) | |
| tree | 84b03b96d217b50b7cfa96b2f81cb54c31fedffe | |
| parent | 240987d040de9ca50fbb0b74a625a4126340840b (diff) | |
Notes
| -rw-r--r-- | security/vuxml/vuln.xml | 82 |
1 files changed, 82 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index d785c72d9d86..701995b841df 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,88 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="12bd6ecf-c430-11db-95c5-000c6ec775d9"> + <topic>mozilla -- multiple vulnerabilities</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>1.5.0.10,1</lt></range> + <range><gt>2.*,1</gt><lt>2.0.0.2,1</lt></range> + </package> + <package> + <name>linux-firefox</name> + <range><lt>1.5.0.10</lt></range> + </package> + <package> + <name>seamonkey</name> + <name>linux-seamonkey</name> + <range><lt>1.0.8</lt></range> + <range><ge>1.1</ge></range> + </package> + <package> + <name>thunderbird</name> + <name>linux-thunderbird</name> + <name>mozilla-thunderbird</name> + <range><lt>1.5.0.10</lt></range> + </package> + <package> + <name>firefox-ja</name> + <name>linux-firefox-devel</name> + <name>linux-mozilla-devel</name> + <name>linux-mozilla</name> + <name>linux-seamonkey-devel</name> + <name>mozilla</name> + <range><gt>0</gt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The Mozilla Foundation reports of multiple security issues + in Firefox, Seamonkey, and Thunderbird. Several of these + issues can probably be used to run arbitrary code with the + privilege of the user running the program.</p> + <blockquote cite="http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.2"> + <ul> + <li>MFSA 2007-07 Embedded nulls in location.hostname confuse same-domain checks</li> + <li>MFSA 2007-06 Mozilla Network Security Services (NSS) SSLv2 buffer overflow</li> + <li>MFSA 2007-05 XSS and local file access by opening blocked popups</li> + <li>MFSA 2007-04 Spoofing using custom cursor and CSS3 hotspot</li> + <li>MFSA 2007-03 Information disclosure through cache collisions</li> + <li>MFSA 2007-02 Improvements to help protect against Cross-Site Scripting attacks</li> + <li>MFSA 2007-01 Crashes with evidence of memory corruption (rv:1.8.0.10/1.8.1.2)</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2006-6077</cvename> + <cvename>CVE-2007-0008</cvename> + <cvename>CVE-2007-0009</cvename> + <cvename>CVE-2007-0775</cvename> + <cvename>CVE-2007-0776</cvename> + <cvename>CVE-2007-0777</cvename> + <cvename>CVE-2007-0778</cvename> + <cvename>CVE-2007-0779</cvename> + <cvename>CVE-2007-0780</cvename> + <cvename>CVE-2007-0800</cvename> + <cvename>CVE-2007-0981</cvename> + <cvename>CVE-2007-0995</cvename> + <url>http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=482</url> + <url>http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=483</url> + <url>http://www.mozilla.org/security/announce/2007/mfsa2007-01.html</url> + <url>http://www.mozilla.org/security/announce/2007/mfsa2007-02.html</url> + <url>http://www.mozilla.org/security/announce/2007/mfsa2007-03.html</url> + <url>http://www.mozilla.org/security/announce/2007/mfsa2007-04.html</url> + <url>http://www.mozilla.org/security/announce/2007/mfsa2007-05.html</url> + <url>http://www.mozilla.org/security/announce/2007/mfsa2007-06.html</url> + <url>http://www.mozilla.org/security/announce/2007/mfsa2007-07.html</url> + </references> + <dates> + <discovery>2007-02-23</discovery> + <entry>2007-02-24</entry> + </dates> + </vuln> + <vuln vid="afdf500f-c1f6-11db-95c5-000c6ec775d9"> <topic>snort -- DCE/RPC preprocessor vulnerability</topic> <affects> |