Your message dated Thu, 10 Feb 2005 01:47:39 -0500 with message-id <[EMAIL PROTECTED]> and subject line Bug#294415: fixed in mozilla-firefox 1.0+dfsg.1-6 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Date: Wed, 9 Feb 2005 12:05:51 -0500
From: Joey Hess <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: Two problems in Firefox

Package: mozilla-firefox
Version: 1.0+dfsg.1-5
Tags: security
Severity: grave

Martin Schulze wrote:
> Please make sure these problems are fixed in the package in sarge.
> When you need to upload a fixed package please add the CVE ids in
> the proper changelog entry.

Let's file a bug for tracking..

> ======================================================
> Candidate: CAN-2005-0231
> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0231
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed:
> Assigned: 20050207
> Category: SF
> Reference: BUGTRAQ:20050207 Firetabbing [Firefox 1.0]
> Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110781134617144&w=2
> Reference: MISC:http://www.mikx.de/firetabbing/
>
> Firefox 1.0 does not invoke the Javascript Security Manager when a
> user drags a javascript: URL to a tab, which could allow remote
> attackers to bypass the security model.
>
>
>
> ======================================================
> Candidate: CAN-2005-0232
> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0232
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed:
> Assigned: 20050207
> Category: SF
> Reference: BUGTRAQ:20050207 Fireflashing [Firefox 1.0]
> Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110781055630856&w=2
> Reference: MISC:http://www.mikx.de/fireflashing/
>
> Firefox 1.0 allows remote attackers to modify Boolean configuration
> parameters for the about:config site by using a plugin such as Flash,
> and the -moz-opacity filter, to display the about:config site then
> cause the user to double-click at a certain screen position.
>
> Regards,
>
> Joey
>
> --
> Open source is important from a technical angle. -- Linus Torvalds
>

--
see shy jo

---------------------------------------
From: Eric Dorland <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Bug#294415: fixed in mozilla-firefox 1.0+dfsg.1-6
Date: Thu, 10 Feb 2005 01:47:39 -0500

Source: mozilla-firefox
Source-Version: 1.0+dfsg.1-6

We believe that the bug you reported is fixed in the latest version of
mozilla-firefox, which is due to be installed in the Debian FTP archive:

mozilla-firefox-dom-inspector_1.0+dfsg.1-6_i386.deb to
  pool/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0+dfsg.1-6_i386.deb
mozilla-firefox-gnome-support_1.0+dfsg.1-6_i386.deb to
  pool/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0+dfsg.1-6_i386.deb
mozilla-firefox_1.0+dfsg.1-6.diff.gz to
  pool/main/m/mozilla-firefox/mozilla-firefox_1.0+dfsg.1-6.diff.gz
mozilla-firefox_1.0+dfsg.1-6.dsc to
  pool/main/m/mozilla-firefox/mozilla-firefox_1.0+dfsg.1-6.dsc
mozilla-firefox_1.0+dfsg.1-6_i386.deb to
  pool/main/m/mozilla-firefox/mozilla-firefox_1.0+dfsg.1-6_i386.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Eric Dorland <[EMAIL PROTECTED]> (supplier of updated mozilla-firefox package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 9 Feb 2005 22:56:17 -0500
Source: mozilla-firefox
Binary: mozilla-firefox mozilla-firefox-gnome-support mozilla-firefox-dom-inspector
Architecture: source i386
Version: 1.0+dfsg.1-6
Distribution: unstable
Urgency: high
Maintainer: Eric Dorland <[EMAIL PROTECTED]>
Changed-By: Eric Dorland <[EMAIL PROTECTED]>
Description:
 mozilla-firefox - lightweight web browser based on Mozilla
 mozilla-firefox-dom-inspector - tool for inspecting the DOM of pages in Mozilla Firefox
 mozilla-firefox-gnome-support - Support for Gnome in Mozilla Firefox
Closes: 294127 294415 294415
Changes:
 mozilla-firefox (1.0+dfsg.1-6) unstable; urgency=high
 .
   * The "And I thought IE had security bugs!" release.
   * toolkit/content/widgets/tabbrowser.xml,
     xpfe/global/resources/content/bindings/tabbrowser.xml: Fix
     "Firetabbing" vulnerability from bugzilla#280056, fixes CAN-2005-0231.
     (Closes: #294415)
   * modules/plugin/base/src/nsPluginHostImpl.cpp: Fix "Fireflashing"
     vulnerability from bugzilla#280664, fixes CAN-2005-0232.
     (Also Closes: #294415)
   * build/unix/run-mozilla.sh: Patch from Javier Fernández-Sanguino
     Peña to fix insecure temp file usage in run-mozilla.sh.
     (Closes: #294127)
   * netwerk/base/src/nsStandardURL.cpp,
     netwerk/base/src/nsStandardURL.h: Patch from bugzilla#261934 to
     make the network.enableIDN preference work and again.
   * browser/app/profile/firefox.js: Disable IDN by default. This
     doesn't close #293975, but drops its severity.
   * debian/README.Debian: Add warning and describe how to enable IDN.
Files:
 06167d3b521a02420094144e3042caa7 1000 web optional mozilla-firefox_1.0+dfsg.1-6.dsc
 b6b148b640c73ecca7eea13f29c027e4 83686 web optional mozilla-firefox_1.0+dfsg.1-6.diff.gz
 f58b4b898f5f70adb2716359c7c1a583 8853952 web optional mozilla-firefox_1.0+dfsg.1-6_i386.deb
 5995ccc77091e03b16adb61843bd9d1d 153090 web optional mozilla-firefox-dom-inspector_1.0+dfsg.1-6_i386.deb
 c8ecdcdb71cde47fd6ae57026b6f504e 50380 web optional mozilla-firefox-gnome-support_1.0+dfsg.1-6_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCCv1MYemOzxbZcMYRAi+tAKC8KjLU85iIi8w3Ke2JRR5ilpDHUACfcxXx
BN5O6XB3CdH1cgkz9Dxc6fc=
=f+aI
-----END PGP SIGNATURE-----