I guess these will be addressed in the upcoming 1.0.1.

Mike

On Wed, Feb 09, 2005 at 12:05:51PM -0500, Joey Hess <[EMAIL PROTECTED]> wrote:
> Package: mozilla-firefox
> Version: 1.0+dfsg.1-5
> Tags: security
> Severity: grave
>
> Martin Schulze wrote:
> > Please make sure these problems are fixed in the package in sarge.
> > When you need to upload a fixed package please add the CVE ids in
> > the proper changelog entry.
>
> Let's file a bug for tracking..
>
> > ======================================================
> > Candidate: CAN-2005-0231
> > URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0231
> > Final-Decision:
> > Interim-Decision:
> > Modified:
> > Proposed:
> > Assigned: 20050207
> > Category: SF
> > Reference: BUGTRAQ:20050207 Firetabbing [Firefox 1.0]
> > Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110781134617144&w=2
> > Reference: MISC:http://www.mikx.de/firetabbing/
> >
> > Firefox 1.0 does not invoke the Javascript Security Manager when a
> > user drags a javascript: URL to a tab, which could allow remote
> > attackers to bypass the security model.
> >
> > ======================================================
> > Candidate: CAN-2005-0232
> > URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0232
> > Final-Decision:
> > Interim-Decision:
> > Modified:
> > Proposed:
> > Assigned: 20050207
> > Category: SF
> > Reference: BUGTRAQ:20050207 Fireflashing [Firefox 1.0]
> > Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110781055630856&w=2
> > Reference: MISC:http://www.mikx.de/fireflashing/
> >
> > Firefox 1.0 allows remote attackers to modify Boolean configuration
> > parameters for the about:config site by using a plugin such as Flash,
> > and the -moz-opacity filter, to display the about:config site then
> > cause the user to double-click at a certain screen position.
> >
> > Regards,
> >
> > Joey
> >
> > --
> > Open source is important from a technical angle. -- Linus Torvalds
>
> --
> see shy jo