[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] Firefox: CVE-2011-3867 a dupe of CVE-2011-2998
From: Moritz Muehlenhoff <jmm () debian ! org>
Date: 2011-09-30 5:46:32
Message-ID: 20110930054632.GA29071 () inutil ! org
[Download RAW message or body]
Hi,
When http://www.mozilla.org/security/announce/2011/mfsa2011-37.html
went live it initially listed "CVE-2011-XXXX" as the CVE ID. However,
since it was obvious that CVE-2011-2998 was missing in the block of
Mozilla IDs I asked the Mozilla security group for confirmation if
MFSA 2011-37 is in fact CVE-2011-2998, which they confirmed and
fixed on the website later the day.
MITRE then seems to have assigned CVE-2011-3867 to this issue:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3867, which
links to the MFSA page, which itself mentions CVE-2011-2998.
Beside Debian CVE-2011-2998 was also used by Red Hat:
https://rhn.redhat.com/errata/RHSA-2011-1341.html and since it's also
mentioned on the Mozilla page my recommendation would be to reject
CVE-2011-3867, before it gets used more widely.
Cheers,
Moritz
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic