Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 181361 (CVE-2007-3073)

Summary: <www-client/mozilla-firefox{,-bin}-2.0.0.17 - multiple vulnerabilities (CVE-2007-{3073,3089},CVE-2008-0591)
Product: Gentoo Security Reporter: Carsten Lohrke (RETIRED) <carlo>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: enhancement CC: jaak, linuxgeek, sgtphou
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: A4 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on: 185737, 208128, 238535    
Bug Blocks:    

Comment 1 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-08-09 11:32:11 UTC 
mozilla, do we know if this issues are fixed with version 2.0.0.6? please advise.
Comment 2 Raúl Porcel (RETIRED) gentoo-dev 2007-08-09 13:29:46 UTC 
(In reply to comment #1)
> mozilla, do we know if this issues are fixed with version 2.0.0.6? please
> advise.
> 

It's not. According to the bugs posted avobe, they will be fixed in firefox-3.0.
Comment 3 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-09-08 16:12:58 UTC 
(In reply to comment #2)
> (In reply to comment #1)
> > mozilla, do we know if this issues are fixed with version 2.0.0.6? please
> > advise.
> > 
> 
> It's not. According to the bugs posted avobe, they will be fixed in
> firefox-3.0.
> 
ok, setting to enhancement for now, we'll see when 3.0 is released.
Comment 5 Jaak Ristioja 2010-07-23 08:17:14 UTC 
https://bugzilla.mozilla.org/show_bug.cgi?id=380994 also appears to have been fixed quite a long time ago, so maybe you can resolve this bug report.
Comment 6 Jory A. Pratt gentoo-dev 2010-09-16 12:54:05 UTC 
Nothing for mozilla herd to do here.
Comment 7 Sean Amoss (RETIRED) gentoo-dev Security 2012-02-09 15:03:20 UTC 
https://bugzilla.mozilla.org/show_bug.cgi?id=380994 : 
CVE-2007-3073 is a duplicate of CVE-2008-4067 [1]. 
CVE-2008-4067 is listed on bug 238535 which is on a GLSA request.

https://bugzilla.mozilla.org/show_bug.cgi?id=382686 :
CVE-2007-3089 - fixed in bug 185737 and listed on GLSA 200708-09.

https://bugzilla.mozilla.org/show_bug.cgi?id=376473 : 
CVE-2008-0591 - fixed in bug 208128 and listed on GLSA 200805-18.


[1] http://seclists.org/oss-sec/2008/q4/41
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2013-01-08 01:02:43 UTC 
This issue was resolved and addressed in
 GLSA 201301-01 at http://security.gentoo.org/glsa/glsa-201301-01.xml
by GLSA coordinator Sean Amoss (ackle).