Bug#559792: xulrunner: CVE-2009-5913 phishing vulnerability

Michael Gilbert michael.s.gilbert at gmail.com
Mon Dec 7 03:43:03 UTC 2009


Package: xulrunner
Version: 1.9.1.5-2
Severity: important
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for xulrunner.

CVE-2008-5913[0]:
| An unspecified function in the JavaScript implementation in Mozilla
| Firefox creates and exposes a "temporary footprint" when there is a
| current login to a web site, which makes it easier for remote
| attackers to trick a user into acting upon a spoofed pop-up message,
| aka an "in-session phishing attack." NOTE: as of 20090116, the only
| disclosure is a vague pre-advisory with no actionable information.
| However, because it is from a well-known researcher, it is being
| assigned a CVE identifier for tracking purposes.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5913
    http://security-tracker.debian.org/tracker/CVE-2008-5913

More information about the pkg-mozilla-maintainers mailing list