[ale] Critical Flaws Open Up Firefox 2.0x To Attack
Paul Cartwright
ale at pcartwright.com
Mon Jul 7 17:18:32 EDT 2008
On Mon July 7 2008, Brian Pitts wrote:
> http://packages.debian.org/changelogs/pool/main/i/iceweasel/iceweasel_2.0.0
>.14-0etch1/changelog
>
> is the authoritative place to check AFAIK.
so, according to the LATEST fix:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1380
The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird before
2.0.0.14, and SeaMonkey before 1.1.10 allows remote attackers to cause a
denial of service (garbage collector crash) and possibly have other impacts
via a crafted web page. NOTE: this is due to an incorrect fix for
CVE-2008-1237.
Iceweasel is fixed same as FF 2.0.0.15
--
Paul Cartwright
Registered Linux user # 367800
Registered Ubuntu User #12459
More information about the Ale
mailing list