Computer Security

Security Advisory: Mozilla Foundation Security Advisory 2008-06
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Mozilla Firefox / Thunderbird / Seamonkey multiple security vulonerabilities

  [Full-disclosure] Firefox 2.0.0.12 information leak vulnerability

  Mozilla Foundation Security Advisory 2008-11

  Mozilla Foundation Security Advisory 2008-10

  Mozilla Foundation Security Advisory 2008-09

From:MOZILLA
Date:10.02.2008
Subject:Mozilla Foundation Security Advisory 2008-06

Mozilla Foundation Security Advisory 2008-06

Title: Web browsing history and forward navigation stealing
Impact: Critical
Announced: February 7, 2008
Reporter: David Bloom
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 2.0.0.12
 SeaMonkey 1.1.8
Description

Mozilla contributor David Bloom reported a vulnerability in the way images are treated by the browser when a user leaves a page which utilizes designMode frames. The reported issue can be used to steal a user's navigation history, forward navigation information, and crash the user's browser. The crash showed evidence of memory corruption and might be exploitable to run arbitrary code.
Workaround

Disable JavaScript until a version containing these fixes can be installed.
References

   * https://bugzilla.mozilla.org/show_bug.cgi?id=400556
   * CVE-2008-0419

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod
 


Rating@Mail.ru