Forum - Computer security: vulnerabilities and exploits database

[EN] securityvulns.ru
no-pyccku

Mozilla Firefox / Thunderbird / Seamonkey multiple security vulonerabilities
updated since 10.02.2008
Published: 11.02.2008
Source: MOZILLA
SecurityVulns ID: 8648
Type: client
Level: 9/10
Description: Multiple memory corruptions, input focus stealing, code execution, stored information corruption, directory traversal, information leaks, dialog spoffing.

Affected: MOZILLA : Firefox 2.0
MOZILLA : Thunderbird 2.0
MOZILLA : SeaMonkey 1.1
CVE: CVE-2008-0594 (Mozilla Firefox before 2.0.0.12 does not always display a web forgery warning dialog if the entire contents of a web page are in a DIV tag that uses absolute positioning, which makes it easier for remote attackers to conduct phishing attacks.)
CVE-2008-0593 (Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original URL, such as with Single-Signon systems.)
CVE-2008-0592 (Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to cause a denial of service via a plain .txt file with a "Content-Disposition: attachment" and an invalid "Content-Type: plain/text," which prevents Firefox from rendering future plain text files within the browser.)
CVE-2008-0591 (Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 allows user-assisted remote attackers to cause users to confirm a timer-enabled security dialog by using a timer to change the window focus.)
CVE-2008-0419
CVE-2008-0418
CVE-2008-0417
CVE-2008-0415
CVE-2008-0414
CVE-2008-0413
CVE-2008-0412

Original document carl hardwick, [Full-disclosure] Firefox 2.0.0.12 information leak vulnerability (11.02.2008)

MOZILLA, Mozilla Foundation Security Advisory 2008-11 (10.02.2008)

MOZILLA, Mozilla Foundation Security Advisory 2008-10 (10.02.2008)

MOZILLA, Mozilla Foundation Security Advisory 2008-09 (10.02.2008)

document MOZILLA, Mozilla Foundation Security Advisory 2008-08 (10.02.2008)

MOZILLA, Mozilla Foundation Security Advisory 2008-06 (10.02.2008)

MOZILLA, Mozilla Foundation Security Advisory 2008-05 (10.02.2008)

MOZILLA, Mozilla Foundation Security Advisory 2008-04 (10.02.2008)

document MOZILLA, Mozilla Foundation Security Advisory 2008-03 (10.02.2008)

MOZILLA, Mozilla Foundation Security Advisory 2008-02 (10.02.2008)

MOZILLA, Mozilla Foundation Security Advisory 2008-01 (10.02.2008)

Files: Firefox 2.0.0.12 information leak vulnerability PoC
Discuss: Read or add your comments to this news (0 comments)

Show		Threads
		Messages


Login:*		(Register)
Password:*
(private)	To:
(reply)	Subject:*
Text:

Main Forum (Eng) General security questions not appropriate for another forums.	3proxy Forum (Eng) All 3proxy question must be posted to this forum.	Bugs, Vulnerabilities, PoCs and Exploits (Eng) All vulnerability related questions, vulnerability digging and exploit creation.	Windows programming and administration (Eng) Administering Windows and application development.	Unix programming and administation (Eng) Administering Unix and application development.	Test forum Please post all test messages here. All test messages from different forums will be deteted.
Main Forum (Rus)	3proxy Forum (Rus)	Bugs, Vulnerabilities, PoCs and Exploits (Rus)	Windows programming and administration (Rus)	Unix programming and administation (Rus)

test server