Home page logo

oss-sec logo oss-sec mailing list archives

Firefox: CVE-2011-3867 a dupe of CVE-2011-2998
From: Moritz Muehlenhoff <jmm () debian org>
Date: Fri, 30 Sep 2011 07:46:32 +0200

When http://www.mozilla.org/security/announce/2011/mfsa2011-37.html
went live it initially listed "CVE-2011-XXXX" as the CVE ID. However,
since it was obvious that CVE-2011-2998 was missing in the block of
Mozilla IDs I asked the Mozilla security group for confirmation if
MFSA 2011-37 is in fact CVE-2011-2998, which they confirmed  and 
fixed on the website later the day.

MITRE then seems to have assigned CVE-2011-3867 to this issue:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3867, which
links to the MFSA page, which itself mentions CVE-2011-2998.

Beside Debian CVE-2011-2998 was also used by Red Hat:
https://rhn.redhat.com/errata/RHSA-2011-1341.html and since it's also 
mentioned on the Mozilla page my recommendation would be to reject 
CVE-2011-3867, before it gets used more widely.


  By Date           By Thread  

Current thread:
  • Firefox: CVE-2011-3867 a dupe of CVE-2011-2998 Moritz Muehlenhoff (Sep 30)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]