Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:20869
HistoryNov 14, 2008 - 12:00 a.m.

Mozilla Foundation Security Advisory 2008-51

2008-11-1400:00:00
vulners.com
19
JSON

Mozilla Foundation Security Advisory 2008-51

Title: file: URIs inherit chrome privileges when opened from chrome
Impact: Moderate
Announced: November 12, 2008
Reporter: Luke Bryan
Products: Firefox

Fixed in: Firefox 3.0.4
Description

Security researcher Luke Bryan reported that file: URIs are given chrome privileges when opened in the same tab as a chrome page or privileged about: page. This vulnerability could be used by an attacker to run arbitrary JavaScript with chrome privileges. The severity of this issue was determined to be moderate as it requires an attacker to have malicious code saved locally, then have a user open a chrome: document or privileged about: URI, and then open the malicious file in the same privileged tab.

Firefox 2 is not affected by this issue.
References

* https://bugzilla.mozilla.org/show_bug.cgi?id=447579
* CVE-2008-5015

Related

prion 1
cve 1
mozilla 1
ubuntucve 1
veracode 1
nessus 15
openvas 101
fedora 21
redhat 1
oraclelinux 1
centos 1
suse 1
securityvulns 1
ubuntu 1
freebsd 1
gentoo 1
prion
prion
Code injection
2008-11-13 11:30:00
cve
cve
CVE-2008-5015
2008-11-13 11:30:00
mozilla
mozilla
file: URIs inherit chrome privileges when opened from chrome — Mozilla
2008-11-12 00:00:00
ubuntucve
ubuntucve
CVE-2008-5015
2008-11-13 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:27:09
nessus
nessus
Firefox 3.0.x < 3.0.4 Multiple Vulnerabilities
2008-11-13 00:00:00
Mandriva Linux Security Advisory : firefox (MDVSA-2008:230)
2009-04-23 00:00:00
Oracle Linux 5 : firefox (ELSA-2008-0978)
2013-07-12 00:00:00
openvas
openvas
Mandriva Update for firefox MDVSA-2008:230 (firefox)
2009-04-09 00:00:00
Mandriva Update for firefox MDVSA-2008:230 (firefox)
2009-04-09 00:00:00
CentOS Update for firefox CESA-2008:0978 centos4 x86_64
2009-02-27 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: galeon-2.0.7-3.fc9
2008-11-14 12:52:42
[SECURITY] Fedora 9 Update: mozvoikko-0.9.5-4.fc9
2008-11-14 12:52:42
[SECURITY] Fedora 9 Update: Miro-1.2.7-2.fc9
2008-11-14 12:52:42
redhat
redhat
(RHSA-2008:0978) Critical: firefox security update
2008-11-12 00:00:00
oraclelinux
oraclelinux
firefox security update
2008-11-13 00:00:00
centos
centos
devhelp, firefox, nss, xulrunner, yelp security update
2008-11-14 23:55:42
suse
suse
remote code execution in MozillaFirefox,MozillaThunderbird,seamonkey
2008-11-26 16:19:10
securityvulns
securityvulns
Mozilla Firefox / Thinderbird / Seamonkey multiple security vulnerabilities
2008-11-14 00:00:00
ubuntu
ubuntu
Firefox and xulrunner vulnerabilities
2008-11-17 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2008-11-13 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00
JSON
Related for SECURITYVULNS:DOC:20869
prion1cve1mozilla1ubuntucve1veracode1nessus15openvas101fedora21redhat1oraclelinux1centos1suse1securityvulns1ubuntu1freebsd1gentoo1