FLEA-2007-0001-1: firefox

To:	foresight-security-announce@lists.rpath.org
Subject:	FLEA-2007-0001-1: firefox
From:	Foresight Linux Essential Announcement Service <foresight-security-noreply@foresightlinux.org>
Date:	Thu, 22 Mar 2007 00:42:32 -0400
Cc:	lwn@lwn.net, full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	bugtraq-list@securepoint.com
Delivered-to:	mailing list bugtraq@securityfocus.com
Delivered-to:	moderator for bugtraq@securityfocus.com
In-reply-to:	<45EF8D85.3050102@moritz-naumann.com>
List-help:	<mailto:bugtraq-help@securityfocus.com>
List-id:	<bugtraq.list-id.securityfocus.com>
List-post:	<mailto:bugtraq@securityfocus.com>
List-subscribe:	<mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe:	<mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list:	contact bugtraq-help@securityfocus.com; run by ezmlm
Organization:	Foresight Linux
References:	<45EF374E.1090207@foresightlinux.org> <45EF8D85.3050102@moritz-naumann.com>
User-agent:	Thunderbird 2.0b2 (X11/20070310)

Foresight Linux Essential Advisory: 2007-0001-1
Published: 2007-03-22

Rating: Minor

Updated Versions:
    firefox=/foresight.rpath.org@fl:1-devel//1/2.0.0.3-1-1
    group-dist=/foresight.rpath.org@fl:1-devel//1/1.1-0.8-2

References:
    http://www.mozilla.org/security/announce/2007/mfsa2007-11.html

Description:

Previous versions of the Firefox package were vulnerable to aninformation disclosure issue. Firefox's handling of PASV FTP connectionscould allow a specially crafted server to perform rudimentary portscanning on the client machine, giving the FTP server information aboutthe client's system. In and of itself, this is not going to cause aremote code exploit, but could aid a malicious individual in other attacks.

<Prev in Thread]	Current Thread	[Next in Thread>
FLSA - foresight linux security announcements, Jonathan Smith Message not available FLEA-2007-0001-1: firefox, Foresight Linux Essential Announcement Service <= Message not available FLEA-2007-0002-1: inkscape, Foresight Linux Essential Announcement Service Message not available FLEA-2007-0003-1: cups, Foresight Linux Essential Announcement Service Message not available FLEA-2007-0004-1: openoffice.org, Foresight Linux Essential Announcement Service Message not available FLEA-2007-0005-1: slocate, Foresight Linux Essential Announcement Service

Previous by Date:	[USN-440-1] MySQL vulnerability, Kees Cook
Next by Date:	rPSA-2007-0059-1 file, rPath Update Announcements
Previous by Thread:	FLSA - foresight linux security announcements, Jonathan Smith
Next by Thread:	FLEA-2007-0002-1: inkscape, Foresight Linux Essential Announcement Service
Indexes:	[Date] [Thread] [Top] [All Lists]