Computer Security

Security Advisory: Mozilla Foundation Security Advisory 2008-08
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Mozilla Firefox / Thunderbird / Seamonkey multiple security vulonerabilities

  [Full-disclosure] Firefox 2.0.0.12 information leak vulnerability

  Mozilla Foundation Security Advisory 2008-11

  Mozilla Foundation Security Advisory 2008-10

  Mozilla Foundation Security Advisory 2008-09

From:MOZILLA
Date:10.02.2008
Subject:Mozilla Foundation Security Advisory 2008-08

Mozilla Foundation Security Advisory 2008-08

Title: File action dialog tampering
Impact: Moderate
Announced: February 7, 2008
Reporter: Michal Zalewski
Products: Firefox, Thunderbird

Fixed in: Firefox 2.0.0.12
 Thunderbird 2.0.0.12
Description

Security researcher Michal Zalewski demonstrated that timer-enabled security dialogs can be subverted by attackers using JavaScript to change the window focus. Zalewski showed that a user could be tricked into confirming a security dialog of this type by bringing the dialog back into focus right before a user clicked in a predictable time and place.
Workaround

Disable JavaScript until a version containing these fixes can be installed.
References

   * https://bugzilla.mozilla.org/show_bug.cgi?id=376473
   * CVE-2008-0591

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


Рейтинг@Mail.ru