Roy Schestowitz wrote:
> http://news.com.com/2100-1002_3-6063529.html?part=rss&tag=6063529&subj=news
>
> ,----[ Quote ]
> | Does bad luck indeed come in threes? A Microsoft security fix for
> | Outlook Express could be the third of last week's patches to cause
> | trouble for some users.
> `----
>
> Lesson to be learned: design secure software, don't rely on patches.

Hmmmm. Interesting. My Ubuntu machine tells me it needs to patch
Firefox. Let's see why... What's that again about designing secure
software and not relying on patches?

Version 1.0.8-0ubuntu5.10:

  * New upstream release which fixes the following vulnerabilities:
    - MFSA 2006-25, CVE-2006-1727: Privilege escalation through Print Preview
    - MFSA 2006-24, CVE-2006-1728: Privilege escalation using crypto.generateCRMFRequest
    - MFSA 2006-23, CVE-2006-1729: File stealing by changing input type
    - MFSA 2006-22, CVE-2006-1730: CSS Letter-Spacing Heap Overflow Vulnerability
    - MFSA 2006-19, CVE-2006-1731: Cross-site scripting using .valueOf.call()
    - MFSA 2006-18, CVE-2006-0749: Mozilla Firefox Tag Order Vulnerability
    - MFSA 2006-17, CVE-2006-1732: cross-site scripting through window.controllers
    - MFSA 2006-16, CVE-2006-1733: Accessing XBL compilation scope via valueOf.call()
    - MFSA 2006-15, CVE-2006-1734: Privilege escalation using a JavaScript function's cloned parent
    - MFSA 2006-14, CVE-2006-1735: Privilege escalation via XBL.method.eval
    - MFSA 2006-13, CVE-2006-1736: Downloading executables with "Save Image As..."
    - MFSA 2006-12, CVE-2006-1740: Secure-site spoof (requires security warning dialog)
    - MFSA 2006-11, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739, CVE-2006-1790: Crashes with evidence of memory corruption (rv:1.8)
    - MFSA 2006-10, CVE-2006-1742: JavaScript garbage-collection hazard audit
    - MFSA 2006-09, CVE-2006-1741: Cross-site JavaScript injection using event handlers
    - MFSA 2006-05, CVE-2006-0296: Localstore.rdf XML injection through XULDocument.persist()
    - MFSA 2006-03, CVE-2005-4134: Long document title causes startup denial of Service
    - MFSA 2006-01, CVE-2006-0292: JavaScript garbage-collection hazards