diff options
| author | Simon L. B. Nielsen <simon@FreeBSD.org> | 2005-02-26 21:12:12 +0000 |
|---|---|---|
| committer | Simon L. B. Nielsen <simon@FreeBSD.org> | 2005-02-26 21:12:12 +0000 |
| commit | ce31baa9665f484d8a3add4ebbe843d90ebf1b48 (patch) | |
| tree | 56020a00b06949efb0792c0637ab0b83f09c562d /security/vuxml/vuln.xml | |
| parent | 0bb6b0d88bf8ed39bb1e794d3e5eb091d48da2cc (diff) | |
| download | ports-ce31baa9665f484d8a3add4ebbe843d90ebf1b48.tar.gz ports-ce31baa9665f484d8a3add4ebbe843d90ebf1b48.zip | |
Notes
Diffstat (limited to 'security/vuxml/vuln.xml')
| -rw-r--r-- | security/vuxml/vuln.xml | 78 |
1 files changed, 77 insertions, 1 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index a6d9bd3ccf4d..ede51ece2c58 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -32,8 +32,84 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="d022754d-8839-11d9-aa18-0001020eed82"> + <topic>mozilla -- insecure temporary directory vulnerability</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>1.0.1,1</lt></range> + </package> + <package> + <name>mozilla</name> + <range><lt>1.7.6,2</lt></range> + </package> + <package> + <name>linux-mozilla</name> + <name>linux-mozilla-devel</name> + <range><lt>1.7.6</lt></range> + </package> + <package> + <name>netscape7</name> + <range><ge>0</ge></range> + </package> + <package> + <!-- These ports are obsolete. --> + <name>de-linux-mozillafirebird</name> + <name>el-linux-mozillafirebird</name> + <name>ja-linux-mozillafirebird-gtk1</name> + <name>ja-mozillafirebird-gtk2</name> + <name>linux-mozillafirebird</name> + <name>ru-linux-mozillafirebird</name> + <name>zhCN-linux-mozillafirebird</name> + <name>zhTW-linux-mozillafirebird</name> + <range><ge>0</ge></range> + </package> + <package> + <!-- These package names are obsolete. --> + <name>de-linux-netscape</name> + <name>de-netscape7</name> + <name>fr-linux-netscape</name> + <name>fr-netscape7</name> + <name>ja-linux-netscape</name> + <name>ja-netscape7</name> + <name>linux-netscape</name> + <name>linux-phoenix</name> + <name>mozilla+ipv6</name> + <name>mozilla-embedded</name> + <name>mozilla-firebird</name> + <name>mozilla-gtk1</name> + <name>mozilla-gtk2</name> + <name>mozilla-gtk</name> + <name>mozilla-thunderbird</name> + <name>phoenix</name> + <name>pt_BR-netscape7</name> + <range><ge>0</ge></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>A Mozilla Foundation Security Advisory reports:</p> + <blockquote cite="http://www.mozilla.org/security/announce/mfsa2005-28.html"> + <p>A predictable name is used for the plugin temporary + directory. A malicious local user could symlink this to + the victim's home directory and wait for the victim to run + Firefox. When Firefox shuts down the victim's directory + would be erased.</p> + </blockquote> + </body> + </description> + <references> + <url>http://www.mozilla.org/security/announce/mfsa2005-28.html</url> + <url>https://bugzilla.mozilla.org/show_bug.cgi?id=281284</url> + </references> + <dates> + <discovery>2005-02-06</discovery> + <entry>2005-02-26</entry> + </dates> + </vuln> + <vuln vid="cbfde1cd-87eb-11d9-aa18-0001020eed82"> - <topic>mozilla & firefox -- arbitrary code execution vulnerability</topic> + <topic>mozilla -- arbitrary code execution vulnerability</topic> <affects> <package> <name>firefox</name> |