Mozilla Firefox Cache Collision May Let Remote Users Obtain Cached Web Page Contents
|
|
SecurityTracker Alert ID: 1017699
|
|
SecurityTracker URL: http://securitytracker.com/id?1017699
|
|
CVE Reference: CVE-2007-0778
(Links to External Site)
|
Date: Feb 24 2007
|
Impact: Disclosure of user information
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Advisory: Mozilla Foundation Security Advisory
|
Version(s): prior to 1.5.0.10, also 2.0, 2.0.0.1
|
Description: A vulnerability was reported in Mozilla Firefox. A remote user may be able to obtain information from the target user's browser cache.
Two web pages can collide in the disk cache, causing portions of the longer document to be appended to the shorter document. A remote
user may be able to exploit this to obtain information from the target user's web cache.
Seamonkey is also affected.
Aad reported
this vulnerability.
|
Impact: A remote user may be able to obtain cached information from the target user's browser.
|
Solution: The vendor has issued a fix (1.5.0.10, 2.0.0.2).
The Mozilla advisory is available at:
http://www.mozilla.org/security/announce/2007/mfsa2007-03.html
|
Vendor URL: www.mozilla.org/security/announce/2007/mfsa2007-03.html (Links to External Site)
|
Cause: Access control error
|
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Sat, 24 Feb 2007 01:25:56 -0500
Subject: Mozilla Firefox
|
http://www.mozilla.org/security/announce/2007/mfsa2007-03.html
CVE-2007-0778
|
|
