FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

firefox & mozilla -- multiple vulnerabilities

Affected packages
		firefox	<	1.0.5,1
		linux-firefox	<	1.0.5
		mozilla	<	1.7.9,2
1.8.*,2	<=	mozilla
		linux-mozilla	<	1.7.9
1.8.*	<=	linux-mozilla
		linux-mozilla-devel	<	1.7.9
1.8.*	<=	linux-mozilla-devel
0	<=	netscape7
0	<=	de-linux-mozillafirebird
0	<=	el-linux-mozillafirebird
0	<=	ja-linux-mozillafirebird-gtk1
0	<=	ja-mozillafirebird-gtk2
0	<=	linux-mozillafirebird
0	<=	ru-linux-mozillafirebird
0	<=	zhCN-linux-mozillafirebird
0	<=	zhTW-linux-mozillafirebird
0	<=	de-linux-netscape
0	<=	de-netscape7
0	<=	fr-linux-netscape
0	<=	fr-netscape7
0	<=	ja-linux-netscape
0	<=	ja-netscape7
0	<=	linux-netscape
0	<=	linux-phoenix
0	<=	mozilla+ipv6
0	<=	mozilla-embedded
0	<=	mozilla-firebird
0	<=	mozilla-gtk
0	<=	mozilla-gtk1
0	<=	mozilla-gtk2
0	<=	mozilla-thunderbird
0	<=	phoenix
0	<=	pt_BR-netscape7

Details

VuXML ID	5d72701a-f601-11d9-bcd1-02061b08fc24
Discovery	2005-07-12
Entry	2005-07-16

The Mozilla Foundation reports of multiple security vulnerabilities in Firefox and Mozilla:

MFSA 2005-56 Code execution through shared function objects

MFSA 2005-55 XHTML node spoofing

MFSA 2005-54 Javascript prompt origin spoofing

MFSA 2005-53 Standalone applications can run arbitrary code through the browser

MFSA 2005-52 Same origin violation: frame calling top.focus()

MFSA 2005-51 The return of frame-injection spoofing

MFSA 2005-50 Possibly exploitable crash in InstallVersion.compareTo()

MFSA 2005-49 Script injection from Firefox sidebar panel using data:

MFSA 2005-48 Same-origin violation with InstallTrigger callback

MFSA 2005-47 Code execution via "Set as Wallpaper"

MFSA 2005-46 XBL scripts ran even when Javascript disabled

MFSA 2005-45 Content-generated event vulnerabilities

[source]

References

CVE Name	CVE-2005-1937
CVE Name	CVE-2005-2260
CVE Name	CVE-2005-2261
CVE Name	CVE-2005-2262
CVE Name	CVE-2005-2263
CVE Name	CVE-2005-2264
CVE Name	CVE-2005-2265
CVE Name	CVE-2005-2266
CVE Name	CVE-2005-2267
CVE Name	CVE-2005-2268
CVE Name	CVE-2005-2269
CVE Name	CVE-2005-2270
URL	http://www.mozilla.org/projects/security/known-vulnerabilities.html
URL	http://www.mozilla.org/security/announce/mfsa2005-45.html
URL	http://www.mozilla.org/security/announce/mfsa2005-46.html
URL	http://www.mozilla.org/security/announce/mfsa2005-47.html
URL	http://www.mozilla.org/security/announce/mfsa2005-48.html
URL	http://www.mozilla.org/security/announce/mfsa2005-49.html
URL	http://www.mozilla.org/security/announce/mfsa2005-50.html
URL	http://www.mozilla.org/security/announce/mfsa2005-51.html
URL	http://www.mozilla.org/security/announce/mfsa2005-52.html
URL	http://www.mozilla.org/security/announce/mfsa2005-53.html
URL	http://www.mozilla.org/security/announce/mfsa2005-54.html
URL	http://www.mozilla.org/security/announce/mfsa2005-55.html
URL	http://www.mozilla.org/security/announce/mfsa2005-56.html