CVE-2008-4582 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-4582
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-4582

Description: Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13, when running on Windows, do not properly identify the context of Windows .url shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via an HTML document that is directly accessible through a filesystem, as demonstrated by documents in (1) local folders, (2) Windows share folders, and (3) RAR archives, and as demonstrated by IFRAMEs referencing shortcuts that point to (a) about:cache?device=memory and (b) about:cache?device=disk, a variant of CVE-2008-2810.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/45740 SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 ST 1021190 1021212 1021190 SREASON http://securityreason.com/securityalert/4416 SAID Secunia Advisory: SA33434 Secunia Advisory: SA33433 Secunia Advisory: SA32714 Secunia Advisory: SA32693 Secunia Advisory: SA32845 Secunia Advisory: SA32721 Secunia Advisory: SA32192 Secunia Advisory: SA34501 MISC http://liudieyu0.blog124.fc2.com/blog-entry-6.html FEDORA DEBIAN http://www.debian.org/security/2008/dsa-1669 http://www.debian.org/security/2009/dsa-1697 http://www.debian.org/security/2009/dsa-1696 http://www.debian.org/security/2008/dsa-1671 CONFIRM http://www.mozilla.org/security/announce/2008/mfsa2008-47.html CERT http://www.us-cert.gov/cas/techalerts/TA08-319A.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/497091/100/0/threaded BID 31747 31611

Return to the previous page.