[Secure-testing-team] Some mozilla security bug updates

Mike Hommey mh at glandium.org
Fri Mar 23 19:52:38 UTC 2007


Hi,

I just discovered http://security-tracker.debian.net/tracker/ (shame on
me not to have known it earlier) and have some comments for some bugs
affecting mozilla-based packages.

CVE-2006-6506 doesn't apply to iceape.
CVE-2007-1116 also applies to xulrunner, and is reported as Debian bugs
#415919, #415944 and #415945.
CVE-2006-6507 applies neither to iceape nor to xulrunner.
CVE-2006-0496 also affects iceape and xulrunner.
CVE-2007-0801 also affects iceape and xulrunner, but, according to
https://bugzilla.mozilla.org/show_bug.cgi?id=369428, is fixed since
iceweasel 2.0.0.2, iceape 1.0.8 and xulrunner 1.8.0.10.

I guess CVE-2007-1004 affects iceape, and *may* affect browsers based on
xulrunner.
CVE-2007-1084 may affect iceape and browsers based on xulrunner.

I can't reproduce CVE-2006-4561 with xulrunner. Neither in 1.8.0.10-3
nor in an earlier version (I tried 1.8.0.5-4)... Anyways, if firefox indeed
got fixed in 1.5.0.7, then it means xulrunner was fixed in 1.8.0.7-1.
And if the fix was really done in mozilla code base 1.8.0.7, then iceape
was never exposed.

Cheers,

Mike



