Computer Security
[EN] securityvulns.ru no-pyccku


Mozilla Firefox /Thunderbird / Seamonkey multiple security vulnerabilities
Published:23.10.2007
Source:
SecurityVulns ID:8285
Type:client
Threat Level:
8/10
Description:Code exectuion with invalid % encoding in Windows, lcaol files accesss with sftp URL, content spoofing, user input focus stealing, memory corruption, code execution.
Affected:MOZILLA : Firefox 2.0
 MOZILLA : Thunderbird 2.0
 MOZILLA : SeaMonkey 1.1
CVE:CVE-2007-5340
 CVE-2007-5339
 CVE-2007-5338
 CVE-2007-5337
 CVE-2007-5334
 CVE-2007-4841 (Mozilla Firefox 2.0.0.6 allows remote attackers to execute arbitrary commands via a "single unexpected URI" within a (1) mailto, (2) nntp, (3) news, or (4) snews URI, related to improper file type handling, a variant of CVE-2007-3845. NOTE: this information is based upon a vague pre-advisory.)
 CVE-2007-3511 (The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12 and 2.0.0.4 allows remote attackers to change field focus and copy keystrokes via JavaScript, as demonstrated by changing focus from a textarea to a file upload field.)
 CVE-2007-2292 (CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox 2.0.0.3 allows remote attackers to conduct HTTP response splitting attacks via a LF (%0a) in the username attribute.)
 CVE-2007-1095 (Mozilla Firefox does not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client.)
 CVE-2006-2894 (Mozilla Firefox 1.5.0.4, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2, and Netscape 8.1 and earlier allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.)
Original documentdocumentMOZILLA, Mozilla Foundation Security Advisory 2007-36 (23.10.2007)
 documentMOZILLA, Mozilla Foundation Security Advisory 2007-35 (23.10.2007)
 documentMOZILLA, Mozilla Foundation Security Advisory 2007-34 (23.10.2007)
 documentMOZILLA, Mozilla Foundation Security Advisory 2007-33 (23.10.2007)
 documentMOZILLA, Mozilla Foundation Security Advisory 2007-32 (23.10.2007)
 documentMOZILLA, Mozilla Foundation Security Advisory 2007-31 (23.10.2007)
 documentMOZILLA, Mozilla Foundation Security Advisory 2007-30 (23.10.2007)
 documentMOZILLA, Mozilla Foundation Security Advisory 2007-29 (23.10.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod