Package: mozilla-browser
Version: 2:1.5-3
Severity: minor
Tags: security
Please refer to [0]upstream Bug#228176.
The vulnerability was [1]originally found in Internet Explorer,
but Mozilla turned out to also be vulnerable, in that its status
bar is spoofed (the location bar and properties panel are safe).
[0] http://bugzilla.mozilla.org/show_bug.cgi?id=228176
I'll second comment #10 by David Baron <dbaron@dbaron.org>:
> That is somewhat serious when Javascript is turned off or when the
> ability of sites to change the status bar is disabled, since in those
> cases the status bar ought to be able to be trusted.
[1] http://www.secunia.com/internet_explorer_address_bar_spoofing_test/
P.S. Please cc me on replies since I'm not on debian-security.
--
INOUE Hiroyuki
E-Mail: dombly@kc4.so-net.ne.jp
PGP Fingerprint: CAF3 05AB B2C6 0869 2876 1F68 3C49 F871 BC66 3D8D
-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux vmthirty 2.4.18-bf2.4 #1 Tue Dec 2 10:56:03 UTC 2003 i686
Locale: LANG=ja_JP.eucJP, LC_CTYPE=ja_JP.eucJP
Versions of packages mozilla-browser depends on:
ii debconf 1.2.35 Debian configuration management sy
ii libatk1.0-0 1.4.1-1 The ATK accessibility toolkit
ii libc6 2.3.2.ds1-10 GNU C Library: Shared libraries an
ii libgcc1 1:3.3.2-4 GCC support library
ii libglib2.0-0 2.2.3-1 The GLib library of C routines
ii libgtk2.0-0 2.2.4-2 The GTK+ graphical user interface
ii libnspr4 2:1.5-3 Netscape Portable Runtime Library
ii libpango1.0-0 1.2.5-2.1 Layout and rendering of internatio
ii libstdc++5 1:3.3.2-4 The GNU Standard C++ Library v3
ii psmisc 20.2-2.1 Utilities that use the proc filesy
ii xlibs 4.1.0-16woody1 X Window System client libraries
ii zlib1g 1:1.1.4-1.0woody0 compression library - runtime