Mozilla Firefox / Seamonkey multiple security vulnerabilities updated since 26.03.2008
Published:		28.03.2008
Source:		MOZILLA
SecurityVulns ID:		8838
Type:		client
Level:		8/10
Description:		Javascript privilege esccalation and code execution, crossite scripting, multiple DoS conditions, URI and dialogs spoofing, local ports access from Java, privacy problems on SSL authentication.

Affected:		MOZILLA : Firefox 2.0
		MOZILLA : Thunderbird 2.0
		MOZILLA : Seamonkey 2.0
CVE:		CVE-2008-1241
		CVE-2008-1240
		CVE-2008-1238
		CVE-2008-1237
		CVE-2008-1236
		CVE-2008-1235
		CVE-2008-1234
		CVE-2008-1233
		CVE-2008-1195 (Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java APIs.)
		CVE-2008-0416
		CVE-2007-4879 (Mozilla Firefox 2.0.x can automatically install TLS client certificates withminimal user interaction, and automatically sends these certificates when requested, which makes it easier for remote web sites to track user activities across domains by requesting the TLS client certificates from other domains.)

Original document		CERT, US-CERT Technical Cyber Security Alert TA08-087A -- Mozilla Updates for Multiple Vulnerabilities (28.03.2008)
		MOZILLA, Mozilla Foundation Security Advisory 2008-19 (26.03.2008)
		MOZILLA, Mozilla Foundation Security Advisory 2008-18 (26.03.2008)
		MOZILLA, Mozilla Foundation Security Advisory 2008-17 (26.03.2008)
		MOZILLA, Mozilla Foundation Security Advisory 2008-16 (26.03.2008)
		MOZILLA, Mozilla Foundation Security Advisory 2008-15 (26.03.2008)
		MOZILLA, Mozilla Foundation Security Advisory 2008-14 (26.03.2008)
		MOZILLA, Mozilla Foundation Security Advisory 2008-13 (26.03.2008)

Discuss:

Read or add your comments to this news (0 comments)