Package: mozilla-browser Version: 2:1.5-3 Severity: minor Tags: security Please refer to [0]upstream Bug#228176.
The vulnerability is [1]originally found in Internet Explorer, but Mozilla turned out to be also vulnerable in that its status bar is spoofed (location bar and properties panel are safe). [0] http://bugzilla.mozilla.org/show_bug.cgi?id=228176 I'll second the comment #10 by David Baron <[EMAIL PROTECTED]>: > That is somewhat > serious when Javascript is turned off or when the ability of sites to change the > status bar is disabled, since in those cases the status bar ought to be able to > be trusted. [1] http://www.secunia.com/internet_explorer_address_bar_spoofing_test/ P.S. Please cc me on replies since I'm not on debian-security -- INOUE Hiroyuki E-Mail: [EMAIL PROTECTED] PGP Fingerprint: CAF3 05AB B2C6 0869 2876 1F68 3C49 F871 BC66 3D8D -- System Information Debian Release: 3.0 Architecture: i386 Kernel: Linux vmthirty 2.4.18-bf2.4 #1 Tue Dec 2 10:56:03 UTC 2003 i686 Locale: LANG=ja_JP.eucJP, LC_CTYPE=ja_JP.eucJP Versions of packages mozilla-browser depends on: ii debconf 1.2.35 Debian configuration management sy ii libatk1.0-0 1.4.1-1 The ATK accessibility toolkit ii libc6 2.3.2.ds1-10 GNU C Library: Shared libraries an ii libgcc1 1:3.3.2-4 GCC support library ii libglib2.0-0 2.2.3-1 The GLib library of C routines ii libgtk2.0-0 2.2.4-2 The GTK+ graphical user interface ii libnspr4 2:1.5-3 Netscape Portable Runtime Library ii libpango1.0-0 1.2.5-2.1 Layout and rendering of internatio ii libstdc++5 1:3.3.2-4 The GNU Standard C++ Library v3 ii psmisc 20.2-2.1 Utilities that use the proc filesy ii xlibs 4.1.0-16woody1 X Window System client libraries ii zlib1g 1:1.1.4-1.0woody0 compression library - runtime
pgp4g3mxrGCHi.pgp
Description: PGP signature
