Summary: | <www-client/mozilla-firefox{,-bin}-2.0.0.17 - multiple vulnerabilities (CVE-2007-{3073,3089},CVE-2008-0591) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Carsten Lohrke (RETIRED) <carlo> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | enhancement | CC: | jaak, linuxgeek, sgtphou |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | A4 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 185737, 208128, 238535 | ||
Bug Blocks: |
Description
Carsten Lohrke (RETIRED)
2007-06-08 23:13:42 UTC
mozilla, do we know if this issues are fixed with version 2.0.0.6? please advise. (In reply to comment #1) > mozilla, do we know if this issues are fixed with version 2.0.0.6? please > advise. > It's not. According to the bugs posted avobe, they will be fixed in firefox-3.0. (In reply to comment #2) > (In reply to comment #1) > > mozilla, do we know if this issues are fixed with version 2.0.0.6? please > > advise. > > > > It's not. According to the bugs posted avobe, they will be fixed in > firefox-3.0. > ok, setting to enhancement for now, we'll see when 3.0 is released. * http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063712.html https://bugzilla.mozilla.org/show_bug.cgi?id=382686 https://bugzilla.mozilla.org/show_bug.cgi?id=376473 Those are fixed since ff-2.0.0.5 The first is not https://bugzilla.mozilla.org/show_bug.cgi?id=380994 also appears to have been fixed quite a long time ago, so maybe you can resolve this bug report. Nothing for mozilla herd to do here. https://bugzilla.mozilla.org/show_bug.cgi?id=380994 : CVE-2007-3073 is a duplicate of CVE-2008-4067 [1]. CVE-2008-4067 is listed on bug 238535 which is on a GLSA request. https://bugzilla.mozilla.org/show_bug.cgi?id=382686 : CVE-2007-3089 - fixed in bug 185737 and listed on GLSA 200708-09. https://bugzilla.mozilla.org/show_bug.cgi?id=376473 : CVE-2008-0591 - fixed in bug 208128 and listed on GLSA 200805-18. [1] http://seclists.org/oss-sec/2008/q4/41 This issue was resolved and addressed in GLSA 201301-01 at http://security.gentoo.org/glsa/glsa-201301-01.xml by GLSA coordinator Sean Amoss (ackle). |