[Frugalware-darcs] homepage-ng: FSA197-firefox

voroskoi voroskoi at frugalware.org
Thu Jun 7 13:49:09 CEST 2007

Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=homepage-ng;a=darcs_commitdiff;h=20070607114139-dd049-7494c7cf42957ea6e462ac094eaf3182fe0652c1.gz;

voroskoi <voroskoi at frugalware.org>**20070607114139] {
hunk ./frugalware/xml/security.xml 29
+	<fsa>
+		<id>197</id>
+		<date>2007-06-07</date>
+		<author>voroskoi</author>
+		<package>firefox</package>
+		<vulnerable></vulnerable>
+		<unaffected></unaffected>
+		<bts>http://bugs.frugalware.org/task/2125</bts>
+		<cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2007-2867
+			http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2007-2868
+			http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2007-2870
+			http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2007-2871</cve>
+		<desc>Some vulnerabilities have been reported in Mozilla Firefox, which =
can be exploited by malicious people to conduct spoofing attacks, bypass ce=
rtain security restrictions, and potentially compromise a user's system.
+			1) Errors in the JavaScript engine can be exploited to cause memory cor=
ruption and potentially to execute arbitrary code.
+			2) An error in the "addEventListener" method can be exploited to inject=
 script into another site, circumventing the browser's same-origin policy. =
This could be used to access or modify sensitive information from the other=
+			3) An error in the handling of XUL popups can be exploited to spoof par=
ts of the browser such as the location bar.</desc>
+	</fsa>

More information about the Frugalware-darcs mailing list