From 79270391e652b81dee70db9a7097a41ae1c92d6a Mon Sep 17 00:00:00 2001 From: simon Date: Sat, 26 Feb 2005 21:12:12 +0000 Subject: - Just use mozilla in title for last entry for consistency. - Document mozilla -- insecure temporary directory vulnerability. --- security/vuxml/vuln.xml | 78 ++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 77 insertions(+), 1 deletion(-) (limited to 'security/vuxml') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index a6d9bd3ccf4d..ede51ece2c58 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -32,8 +32,84 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> + + mozilla -- insecure temporary directory vulnerability + + + firefox + 1.0.1,1 + + + mozilla + 1.7.6,2 + + + linux-mozilla + linux-mozilla-devel + 1.7.6 + + + netscape7 + 0 + + + + de-linux-mozillafirebird + el-linux-mozillafirebird + ja-linux-mozillafirebird-gtk1 + ja-mozillafirebird-gtk2 + linux-mozillafirebird + ru-linux-mozillafirebird + zhCN-linux-mozillafirebird + zhTW-linux-mozillafirebird + 0 + + + + de-linux-netscape + de-netscape7 + fr-linux-netscape + fr-netscape7 + ja-linux-netscape + ja-netscape7 + linux-netscape + linux-phoenix + mozilla+ipv6 + mozilla-embedded + mozilla-firebird + mozilla-gtk1 + mozilla-gtk2 + mozilla-gtk + mozilla-thunderbird + phoenix + pt_BR-netscape7 + 0 + + + + +

A Mozilla Foundation Security Advisory reports:

+
A predictable name is used for the plugin temporary + directory. A malicious local user could symlink this to + the victim's home directory and wait for the victim to run + Firefox. When Firefox shuts down the victim's directory + would be erased.
+

+ + + + http://www.mozilla.org/security/announce/mfsa2005-28.html + https://bugzilla.mozilla.org/show_bug.cgi?id=281284 + + + 2005-02-06 + 2005-02-26 + + + - mozilla & firefox -- arbitrary code execution vulnerability + mozilla -- arbitrary code execution vulnerability firefox -- cgit