firefox-2.0.0.1 vulnerability?

To: pkgsrc-users%netbsd.org@localhost
Subject: firefox-2.0.0.1 vulnerability?
From: Patrick Welche <prlw1%newn.cam.ac.uk@localhost>
Date: Tue, 23 Jan 2007 15:46:30 +0000

# pwd
/usr/pkgsrc/www/firefox2
# make update
===> Resuming update for firefox-2.0.0.1
=> Required installed package digest>=20010302: digest-20010807 found
===> Checking for vulnerabilities in firefox-2.0.0.1
ERROR: remote-information-exposure vulnerability in firefox-2.0.0.1 - see 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2894 for more information
firefox{,2}{,-bin,-gtk1}-[0-9]*
ERROR: Define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential
*** Error code 1
...
# lynx 'http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2894'
...
   Description Mozilla Firefox 1.5.0.4, Mozilla Suite 1.7.13, Mozilla
   SeaMonkey 1.0.2, and Netscape 8.1 and earlier allows user-assisted

?

The text of the referenced vulnerability doesn't seem to apply to 2.0.0.1..

Cheers,

Patrick

Follow-Ups:
- Re: firefox-2.0.0.1 vulnerability?
  - From: Geert Hendrickx
- Re: firefox-2.0.0.1 vulnerability?
  - From: Joerg Sonnenberger

Prev by Date: Re: libxslt needs -D_REENTRANT
Next by Date: Re: Problems with rxvt-unicode after installing
Previous by Thread: Xfce 4.4.0 available in pkgsrc-wip
Next by Thread: Re: firefox-2.0.0.1 vulnerability?
Indexes:

Home | Main Index | Thread Index | Old Index