author nectar <nectar@FreeBSD.org> 2004-08-15 14:31:56 +0000
committer nectar <nectar@FreeBSD.org> 2004-08-15 14:31:56 +0000
commit e87ed3afdc63c4d14a7e719652f750e64f4e391e
tree 1533c37831bb11aa0110fda3b19cbcfcb338ac3b /security
parent 08e2feab514a3cfbc59506801d96d362392b2f2f
Correct the version number range affected for Mozilla 1.8 alphas.
Problem hinted at by: eik

While I'm here, add a CVE name reference and a couple of other relevant Bugzilla links. It is interesting that this security issue was reported as early as 1999.

Also, replace the text plagiarized from the Secunia advisory without attribution with a more helpful (maybe?) description of the issue.
Diffstat (limited to 'security')
-rw-r--r-- security/vuxml/vuln.xml 17
1 files changed, 13 insertions, 4 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 246f7ec..2e747e8 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -4292,7 +4292,7 @@ misc.c:
<package>
<name>mozilla</name>
<range><le>1.7.1,2</le></range>
- <range><ge>1.8,2</ge><le>1.8.a2,2</le></range>
+ <range><ge>1.8.a,2</ge><le>1.8.a2,2</le></range>
</package>
<package>
<name>mozilla-gtk1</name>
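Review bot: the new lower bound `1.8.a,2` in the second mozilla range only helps if the ports version comparison sorts it at or below the first 1.8 alpha, so it is worth confirming with `pkg_version -t` against an actual alpha version string before relying on it. The mozilla-gtk1 entry that follows is not touched by this hunk; if it carries the same `<ge>1.8,2</ge>` bound, it needs the same correction.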
@@ -4301,11 +4301,20 @@ misc.c:
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>A vulnerability has been reported in Mozilla and Firefox,
- allowing malicious websites to spoof the user interface.</p>
+ <p>The Mozilla project's family of browsers contain a design
+ flaw that can allow a website to spoof almost perfectly any
+ part of the Mozilla user interface, including spoofing web
+ sites for phishing or internal elements such as the "Master
+ Password" dialog box. This achieved by manipulating "chrome"
+ through remote XUL content. Recent versions of Mozilla have
+ been fixed to not allow untrusted documents to utilize
+ "chrome" in this way.</p>
</body>
</description>
<references>
+ <cvename>CAN-2004-0764</cvename>
+ <url>http://bugzilla.mozilla.org/show_bug.cgi?id=22183</url>
+ <url>http://bugzilla.mozilla.org/show_bug.cgi?id=244965</url>
<url>http://bugzilla.mozilla.org/show_bug.cgi?id=252198</url>
<url>http://www.nd.edu/~jsmith30/xul/test/spoof.html</url>
<url>http://secunia.com/advisories/12188</url>
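Review bot: the added description has two grammar slips: "This achieved by manipulating" is missing "is", and "family of browsers contain" should read "contains". The removed text named Firefox explicitly, while the new paragraph only says "family of browsers"; consider keeping the product name in the description so that readers searching the entry text for Firefox still find it.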
@@ -4314,7 +4323,7 @@ misc.c:
<dates>
<discovery>2004-07-19</discovery>
<entry>2004-07-30</entry>
- <modified>2004-08-12</modified>
+ <modified>2004-08-15</modified>
</dates>
</vuln>