Lucene search
SecurityvulnsSECURITYVULNS:DOC:20113HistoryJul 03, 2008 - 12:00 a.m.
Mozilla Foundation Security Advisory 2008-27
2008-07-0300:00:00
vulners.com
20
Mozilla Foundation Security Advisory 2008-27
Title: Arbitrary file upload via originalTarget and DOM Range
Impact: High
Announced: July 1, 2008
Reporter: Claudio Santambrogio
Products: Firefox, SeaMonkey
Fixed in: Firefox 2.0.0.15
SeaMonkey 1.1.10
Description
Opera developer Claudio Santambrogio reported a vulnerability which allows malicious content to force the browser into uploading local files to the remote server. This could be used by an attacker to steal files from known locations on a victim's computer.
Firefox 3 is not vulnerable to this attack due to the changed design of the file upload form element.
Workaround
Disable JavaScript until a version containing these fixes can be installed.
References
* https://bugzilla.mozilla.org/show_bug.cgi?id=423541
* CVE-2008-2805
Related
prion
prion
Design/Logic Flaw
2008-07-07 23:41:00
cve
cve
CVE-2008-2805
2008-07-07 23:41:00
veracode
veracode
Unrestricted File Upload
2020-04-10 00:24:11
mozilla
mozilla
Arbitrary file upload via originalTarget and DOM Range β Mozilla
2008-07-01 00:00:00
ubuntucve
ubuntucve
CVE-2008-2805
2008-07-07 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : mozilla-firefox (MDVSA-2008:136)
2009-04-23 00:00:00
Debian DSA-1607-1 : iceweasel - several vulnerabilities
2008-07-15 00:00:00
Scientific Linux Security Update : firefox on SL4.x i386/x86_64
2012-08-01 00:00:00
debian
debian
[SECURITY] [DSA 1607-1] New iceweasel packages fix several vulnerabilities
2008-07-11 16:11:41
[SECURITY] [DSA 1615-1] New xulrunner packages fix several vulnerabilities
2008-07-23 20:33:58
[SECURITY] [DSA 1697-1] New iceape packages fix several vulnerabilities
2009-01-07 21:41:42
openvas
openvas
Debian Security Advisory DSA 1607-1 (iceweasel)
2008-07-15 00:00:00
Debian: Security Advisory (DSA-1607-1)
2008-07-15 00:00:00
Mandriva Update for mozilla-firefox MDVSA-2008:136 (mozilla-firefox)
2009-04-09 00:00:00
osv
osv
iceweasel - several vulnerabilities
2008-07-11 00:00:00
xulrunner - several vulnerabilities
2008-07-23 00:00:00
iceape - several vulnerabilities
2009-01-07 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: kazehakase-0.5.4-2.fc8.2
2008-07-06 06:14:11
[SECURITY] Fedora 8 Update: seamonkey-1.1.10-1.fc8
2008-07-09 02:47:28
[SECURITY] Fedora 8 Update: gnome-python2-extras-2.19.1-15.fc8
2008-07-06 06:14:12
oraclelinux
oraclelinux
firefox security update
2008-07-02 00:00:00
firefox security update
2008-07-02 00:00:00
seamonkey security update
2008-07-02 00:00:00
redhat
redhat
(RHSA-2008:0569) Critical: firefox security update
2008-07-02 00:00:00
(RHSA-2008:0547) Critical: seamonkey security update
2008-07-02 00:00:00
(RHSA-2008:0549) Critical: firefox security update
2008-07-02 00:00:00
centos
centos
firefox security update
2008-07-02 19:45:20
devhelp, firefox, xulrunner, yelp security update
2008-07-06 14:53:42
seamonkey security update
2008-07-02 19:43:27
suse
suse
remote code execution in MozillaFirefox
2008-07-11 13:26:28
ubuntu
ubuntu
Firefox vulnerabilities
2008-07-02 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2008-07-03 00:00:00
seebug
seebug
Mozilla Firefox 2.0.0.14εε¨ε€δΈͺθΏη¨ζΌζ΄
2008-07-03 00:00:00
gentoo
gentoo
Mozilla products: Multiple vulnerabilities
2008-08-06 00:00:00
Related for SECURITYVULNS:DOC:20113