Package: mozilla
Version: 2:1.7.8-1sarge1
Severity: critical
Tags: security
There are still unfixed security issues in the mozilla package in sarge,
namely:
+ CAN-2005-2270/MFSA 2005-56 Code execution through shared
function objects
+ CAN-2005-2269/MFSA 2005-55 XHTML node spoofing
+ CAN-2005-2268/MFSA 2005-54 Javascript prompt origin spoofing
+ CAN-2005-2266/MFSA 2005-52 Same origin violation: frame
calling top.focus()
+ CAN-2005-2265/MFSA 2005-50 Possibly exploitable crash in
InstallVersion.compareTo()
+ CAN-2005-2263/MFSA 2005-48 Same-origin violation with InstallTrigger
callback
+ CAN-2005-2261/MFSA 2005-46 XBL scripts ran even when Javascript
disabled
+ CAN-2005-2260/MFSA 2005-45 Content-generated event vulnerabilities
+ CAN-2005-1937/MFSA 2005-51 The return of frame-injection spoofing
(-> was already fixed with 2:1.7.8-1sarge1)
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
