FLEA-2007-0001-1: firefox

To: foresight-security-announce@xxxxxxxxxxxxxxx
Subject: FLEA-2007-0001-1: firefox
From: Foresight Linux Essential Announcement Service <foresight-security-noreply@xxxxxxxxxxxxxxxxxx>
Date: Thu, 22 Mar 2007 00:42:32 -0400
Cc: lwn@xxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <45EF8D85.3050102@xxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Organization: Foresight Linux
References: <45EF374E.1090207@xxxxxxxxxxxxxxxxxx> <45EF8D85.3050102@xxxxxxxxxxxxxxxxxx>
User-agent: Thunderbird 2.0b2 (X11/20070310)

Foresight Linux Essential Advisory: 2007-0001-1
Published: 2007-03-22

Rating: Minor

Updated Versions:
    firefox=/foresight.rpath.org@fl:1-devel//1/2.0.0.3-1-1
    group-dist=/foresight.rpath.org@fl:1-devel//1/1.1-0.8-2

References:
    http://www.mozilla.org/security/announce/2007/mfsa2007-11.html

Description:

Previous versions of the Firefox package were vulnerable to aninformation disclosure issue. Firefox's handling of PASV FTP connectionscould allow a specially crafted server to perform rudimentary portscanning on the client machine, giving the FTP server information aboutthe client's system. In and of itself, this is not going to cause aremote code exploit, but could aid a malicious individual in other attacks.

References:
- FLSA - foresight linux security announcements
  - From: Jonathan Smith

Prev by Date: [USN-440-1] MySQL vulnerability
Next by Date: rPSA-2007-0059-1 file
Previous by thread: FLSA - foresight linux security announcements
Next by thread: FLEA-2007-0002-1: inkscape
Index(es):
- Date
- Thread