Secunia
Login
|
|
CVE Reference: CVE-2008-4582 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2008-4582 |
|
|
Description: Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13, when running on Windows, do not properly identify the context of Windows .url shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via an HTML document that is directly accessible through a filesystem, as demonstrated by documents in (1) local folders, (2) Windows share folders, and (3) RAR archives, and as demonstrated by IFRAMEs referencing shortcuts that point to (a) about:cache?device=memory and (b) about:cache?device=disk, a variant of CVE-2008-2810. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/45740 UBUNTU http://ubuntu.com/usn/usn-667-1 SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 ST 1021190 1021190 1021212 SREASON http://securityreason.com/securityalert/4416 SAID Secunia Advisory: SA34501 Secunia Advisory: SA32684 Secunia Advisory: SA32778 Secunia Advisory: SA32853 Secunia Advisory: SA32192 Secunia Advisory: SA32721 Secunia Advisory: SA32845 Secunia Advisory: SA32693 Secunia Advisory: SA32714 Secunia Advisory: SA33433 Secunia Advisory: SA33434 MISC http://liudieyu0.blog124.fc2.com/blog-entry-6.html FEDORA DEBIAN http://www.debian.org/security/2009/dsa-1696 http://www.debian.org/security/2009/dsa-1697 http://www.debian.org/security/2008/dsa-1671 http://www.debian.org/security/2008/dsa-1669 CONFIRM http://www.mozilla.org/security/announce/2008/mfsa2008-47.html CERT http://www.us-cert.gov/cas/techalerts/TA08-319A.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/497091/100/0/threaded BID 31747 31611 |
|
| Return to the previous page. |
