Computer Security
[EN] securityvulns.ru no-pyccku


Mozilla Firefox / Seamonkey multiple security vulnerabilities
updated since 26.03.2008
Published:28.03.2008
Source:
SecurityVulns ID:8838
Type:client
Threat Level:
8/10
Description:Javascript privilege esccalation and code execution, crossite scripting, multiple DoS conditions, URI and dialogs spoofing, local ports access from Java, privacy problems on SSL authentication.
Affected:MOZILLA : Firefox 2.0
 MOZILLA : Thunderbird 2.0
 MOZILLA : SeaMonkey 2.0
CVE:CVE-2008-1241
 CVE-2008-1240
 CVE-2008-1238
 CVE-2008-1237
 CVE-2008-1236
 CVE-2008-1235 (Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via unknown vectors that cause JavaScript to execute with the wrong principal, aka "Privilege escalation via incorrect principals.")
 CVE-2008-1234
 CVE-2008-1233
 CVE-2008-1195 (Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java APIs.)
 CVE-2008-0416 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allow remote attackers to inject arbitrary web script or HTML via certain character encodings, including (1) a backspace character that is treated as whitespace, (2) 0x80 with Shift_JIS encoding, and (3) "zero-length non-ASCII sequences" in certain Asian character sets.)
 CVE-2007-4879 (Mozilla Firefox 2.0.x can automatically install TLS client certificates withminimal user interaction, and automatically sends these certificates when requested, which makes it easier for remote web sites to track user activities across domains by requesting the TLS client certificates from other domains.)
Original documentdocumentCERT, US-CERT Technical Cyber Security Alert TA08-087A -- Mozilla Updates for Multiple Vulnerabilities (28.03.2008)
 documentMOZILLA, Mozilla Foundation Security Advisory 2008-19 (26.03.2008)
 documentMOZILLA, Mozilla Foundation Security Advisory 2008-18 (26.03.2008)
 documentMOZILLA, Mozilla Foundation Security Advisory 2008-17 (26.03.2008)
 documentMOZILLA, Mozilla Foundation Security Advisory 2008-16 (26.03.2008)
 documentMOZILLA, Mozilla Foundation Security Advisory 2008-15 (26.03.2008)
 documentMOZILLA, Mozilla Foundation Security Advisory 2008-14 (26.03.2008)
 documentMOZILLA, Mozilla Foundation Security Advisory 2008-13 (26.03.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod