Bug#576466: iceweasel: CVE-2009-0777 address bar spoofing

Mike Hommey mh at glandium.org
Mon Apr 5 07:39:06 UTC 2010


On Sun, Apr 04, 2010 at 05:52:13PM -0400, Michael Gilbert wrote:
> package: iceweasel
> severity: important
> version: 3.0.6-3
> tags: security
> 
> hi, iceweasel in lenny is still vulnerable to an address bar spoofing
> vulnerability, that was fixed in an MFSA a while back.  this is
> probably not worth fixing on its own, but if there are other pending
> security backports, it would be useful to fix it.  see:
> 
> https://bugzilla.mozilla.org/show_bug.cgi?id=452979
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0777

Damn.

Here is what I wrote in October, with Moritz's answer following:

>> Now, wondering on http://security-tracker.debian.org/ I saw that I
>> forgot CVE-2009-0777 :( It was fixed on 3.0.7-1 in unstable, but maybe
>> it was decided to keep it for later, in which case we just forgot it,
>> later... a bit like #512111.
>>
>> Maybe we should do an iceweasel security update for this one... (it's a
>> browser issue, not a xulrunner one)
>
> Hmm, we indeed missed it. But since it's a low severity issue let's postpone
> it for the next round of issues affecting Iceweasel.

Unfortunately, there hasn't been a next round of issues affecting
Iceweasel only.

Mike





More information about the pkg-mozilla-maintainers mailing list