From: [email protected]
Package: mozilla-firefox
Version: 0.8-12
Severity: grave
Tags: security sarge upstream fixed-upstream
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0779
Name:        CAN-2004-0779 (under review)

Description: The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web
             browsers do not properly verify that cached passwords for SSL
             encrypted sites are only sent via SSL encrypted sessions to
             the site, which allows a remote attacker to cause a cached
             password to be sent in cleartext to a spoofed site.

References:  * CONFIRM: http://bugzilla.mozilla.org/show_bug.cgi?id=226278
             * CONFIRM: http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7
             * MANDRAKE:MDKSA-2004:082
             * URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:082

Phase:       Assigned (20040813)

Votes:

Comments:

Candidate assigned on 20040813 and proposed on N/A
--
Obsig: developing a new sig