oss-sec mailing list archives
Firefox: CVE-2011-3867 a dupe of CVE-2011-2998
From: Moritz Muehlenhoff <jmm () debian org>
Date: Fri, 30 Sep 2011 07:46:32 +0200
Hi, When http://www.mozilla.org/security/announce/2011/mfsa2011-37.html went live it initially listed "CVE-2011-XXXX" as the CVE ID. However, since it was obvious that CVE-2011-2998 was missing in the block of Mozilla IDs I asked the Mozilla security group for confirmation if MFSA 2011-37 is in fact CVE-2011-2998, which they confirmed and fixed on the website later the day. MITRE then seems to have assigned CVE-2011-3867 to this issue: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3867, which links to the MFSA page, which itself mentions CVE-2011-2998. Beside Debian CVE-2011-2998 was also used by Red Hat: https://rhn.redhat.com/errata/RHSA-2011-1341.html and since it's also mentioned on the Mozilla page my recommendation would be to reject CVE-2011-3867, before it gets used more widely. Cheers, Moritz
Current thread:
- Firefox: CVE-2011-3867 a dupe of CVE-2011-2998 Moritz Muehlenhoff (Sep 29)