Bug 19749 - Multiple vulnerabilities, MFSA 2009-16..22
Status: CLOSED FIXED
Product: Sisyphus
Component: seamonkey
Version: unstable
Platform: all Linux
Importance: P3 blocker
URL: http://secunia.com/advisories/34835
Reported: 2009-04-24 01:44
Modified: 2009-06-28 22:24



Description From 2009-04-24 01:44:21
Multiple vulnerabilities have been found in the 1.1.x branch:
MFSA 2009-22 Firefox allows Refresh header to redirect to javascript: URIs
MFSA 2009-21 POST data sent to wrong site when saving web page with embedded frame
MFSA 2009-19 Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString
MFSA 2009-18 XSS hazard using third-party stylesheets and XBL bindings
MFSA 2009-17 Same-origin violations when Adobe Flash loaded via view-source: scheme
MFSA 2009-16 jar: scheme ignores the content-disposition: header on the inner URI

No official fix has been released yet.
------- Comment #1 From 2009-06-27 07:31:51 -------
The following vulnerabilities were fixed in 1.1.17:

MFSA 2009-33 Crash viewing multipart/alternative message with text/enhanced part
MFSA 2009-32 JavaScript chrome privilege escalation
MFSA 2009-29 Arbitrary code execution using event listeners attached to an element whose owner document is null
MFSA 2009-27 SSL tampering via non-200 responses to proxy CONNECT requests
MFSA 2009-26 Arbitrary domain cookie access by local file: resources
MFSA 2009-24 Crashes with evidence of memory corruption (rv:1.9.0.11)
MFSA 2009-21 POST data sent to wrong site when saving web page with embedded frame
MFSA 2009-17 Same-origin violations when Adobe Flash loaded via view-source: scheme

Apparently, not all of them are relevant to seamonkey.
------- Comment #2 From 2009-06-28 22:24:02 -------
They are relevant to seamonkey; they simply were not fixed.