Subject: firefox-2.0.0.1 vulnerability?
To: None <pkgsrc-users@netbsd.org>
From: Patrick Welche <prlw1@newn.cam.ac.uk>
List: pkgsrc-users
Date: 01/23/2007 15:46:30
# pwd
/usr/pkgsrc/www/firefox2
# make update
===> Resuming update for firefox-2.0.0.1
=> Required installed package digest>=20010302: digest-20010807 found
===> Checking for vulnerabilities in firefox-2.0.0.1
ERROR: remote-information-exposure vulnerability in firefox-2.0.0.1 - see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2894 for more information
firefox{,2}{,-bin,-gtk1}-[0-9]*
ERROR: Define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential
*** Error code 1
...
# lynx 'http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2894'
...
   Description Mozilla Firefox 1.5.0.4, Mozilla Suite 1.7.13, Mozilla
   SeaMonkey 1.0.2, and Netscape 8.1 and earlier allows user-assisted

?

The text of the referenced vulnerability doesn't seem to apply to 2.0.0.1..

Cheers,

Patrick