Package: mozilla-browser Version: 2:1.7.8-1 Severity: important Tags: security
I've tested mozilla to be vulnerable to CAN-2005-2395, although the original advisory only mentioned firefox: Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the strongest authentication scheme available as required by RFC2617, which might cause credentials to be sent in plaintext even if an encrypted channel is available. For details, see http://www.securityfocus.com/archive/1/405666 -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.4.27 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages mozilla-browser depends on: ii debconf 1.4.52 Debian configuration management sy ii libatk1.0-0 1.10.1-2 The ATK accessibility toolkit ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an ii libfontconfig1 2.3.2-1 generic font configuration library ii libfreetype6 2.1.10-1 FreeType 2 font engine, shared lib ii libgcc1 1:4.0.1-2 GCC support library ii libglib2.0-0 2.6.5-1 The GLib library of C routines ii libgtk2.0-0 2.6.8-1 The GTK+ graphical user interface ii libnspr4 2:1.7.8-1 Netscape Portable Runtime Library ii libpango1.0-0 1.8.1-1 Layout and rendering of internatio ii libstdc++5 1:3.3.6-7 The GNU Standard C++ Library v3 ii libx11-6 6.8.2.dfsg.1-3 X Window System protocol client li ii libxext6 6.8.2.dfsg.1-3 X Window System miscellaneous exte ii libxft2 2.1.7-1 FreeType-based font drawing librar ii libxp6 6.8.2.dfsg.1-3 X Window System printing extension ii libxrender1 1:0.9.0-2 X Rendering Extension client libra ii libxt6 6.8.2.dfsg.1-3 X Toolkit Intrinsics ii psmisc 21.6-1 Utilities that use the proc filesy ii xlibs 6.8.2.dfsg.1-3 X Window System client libraries m ii zlib1g 1:1.2.2-9 compression library - runtime Versions of packages mozilla-browser recommends: ii mozilla-psm 2:1.7.8-1 The Mozilla Internet application s pn myspell-en-us | myspell-dicti <none> (no description available) -- debconf information excluded -- see shy jo
signature.asc
Description: Digital signature