|
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulonerabilities
updated since 10.02.2008 | | Published: |  | 11.02.2008 | | Source: |  | MOZILLA | | SecurityVulns ID: |  | 8648 | | Type: |  | client | | Level: |  | 9/10 | | Description: |  | Multiple memory corruptions, input focus stealing, code execution, stored information corruption, directory traversal, information leaks, dialog spoffing. |
| Affected: |  | MOZILLA : Firefox 2.0 | | | | MOZILLA : Thunderbird 2.0 | | | | MOZILLA : SeaMonkey 1.1 | | CVE: |  | CVE-2008-0594 (Mozilla Firefox before 2.0.0.12 does not always display a web forgery warning dialog if the entire contents of a web page are in a DIV tag that uses absolute positioning, which makes it easier for remote attackers to conduct phishing attacks.) | | | | CVE-2008-0593 (Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original URL, such as with Single-Signon systems.) | | | | CVE-2008-0592 (Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to cause a denial of service via a plain .txt file with a "Content-Disposition: attachment" and an invalid "Content-Type: plain/text," which prevents Firefox from rendering future plain text files within the browser.) | | | | CVE-2008-0591 (Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 allows user-assisted remote attackers to cause users to confirm a timer-enabled security dialog by using a timer to change the window focus.) | | | | CVE-2008-0419 | | | | CVE-2008-0418 | | | | CVE-2008-0417 | | | | CVE-2008-0415 | | | | CVE-2008-0414 | | | | CVE-2008-0413 | | | | CVE-2008-0412 |
| Original document |  | carl hardwick, [Full-disclosure] Firefox 2.0.0.12 information leak vulnerability (11.02.2008) |
| | | MOZILLA, Mozilla Foundation Security Advisory 2008-11 (10.02.2008) |
| | | MOZILLA, Mozilla Foundation Security Advisory 2008-10 (10.02.2008) |
| | | MOZILLA, Mozilla Foundation Security Advisory 2008-09 (10.02.2008) |
| | | MOZILLA, Mozilla Foundation Security Advisory 2008-08 (10.02.2008) |
| | | MOZILLA, Mozilla Foundation Security Advisory 2008-06 (10.02.2008) |
| | | MOZILLA, Mozilla Foundation Security Advisory 2008-05 (10.02.2008) |
| | | MOZILLA, Mozilla Foundation Security Advisory 2008-04 (10.02.2008) |
| | | MOZILLA, Mozilla Foundation Security Advisory 2008-03 (10.02.2008) |
| | | MOZILLA, Mozilla Foundation Security Advisory 2008-02 (10.02.2008) |
| | | MOZILLA, Mozilla Foundation Security Advisory 2008-01 (10.02.2008) |
|
|
|
|
|
