------------------------------------------------------------
Arch Linux Security Warning                     ALSW 2007-#36
------------------------------------------------------------

Name:      firefox
Date:      2007-08-01
Severity:  High
Warning #: 2007-#36

------------------------------------------------------------

Product Background
===================
The Mozilla Foundation Web Browser

Problem Background
===================
A flaw was discovered in handling of "about:blank" windows used by addons.
Jesper Johansson discovered that spaces and double-quotes were not correctly
handled when launching external programs.

Impact
===================
[1] A malicious web site could exploit this to modify the contents, or steal
confidential data (such as passwords), of other web pages. (CVE-2007-3844)

[2] In rare configurations, after tricking a user into opening a malicious
web page, an attacker could execute helpers with arbitrary arguments with
the user's privileges. (CVE-2007-3845)

Problem Packages
===================
Package: firefox
Repo:    current
Group:   network
Unsafe:  < 2.0.0.6
Safe:    >= 2.0.0.6

Package Fix
===================
Upgrade to 2.0.0.6

---------------------------------------------
Unofficial ArchLinux Security Bug Tracker:
http://jjdanimoth.netsons.org/alsw.html
---------------------------------------------

Reference(s)
===================
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3844
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3845
_______________________________________________
arch mailing list
[email protected]
http://archlinux.org/mailman/listinfo/arch
