(Mozilla Issues Fix for Thunderbird) Mozilla Firefox 2.0 Has Multiple Bugs That Permit Remote Code Execution, Certificate Spoofing, Cross-Site Scripting, and Other Impacts
|
|
SecurityTracker Alert ID: 1020556
|
|
SecurityTracker URL: http://securitytracker.com/id?1020556
|
|
CVE Reference: CVE-2008-2798, CVE-2008-2799, CVE-2008-2802, CVE-2008-2803, CVE-2008-2807, CVE-2008-2809, CVE-2008-2811
|
Date: Jul 25 2008
|
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Host/resource access via network, Modification of user information, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Advisory: Mozilla Foundation Security Advisory
|
Version(s): 2.0.0.15 and prior versions
|
Description: Several vulnerabilities were reported in Mozilla Firefox. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can conduct cross-site scripting attacks. Mozilla Thunderbird is affected.
A remote user can create specially crafted HTML that, when loaded by the target user, will crash the target user's browser, execute
arbitrary code on the target user's browser, obtain files from the target user's system, spoof trusted certificates, or initiate
arbitrary socket connections.
A remote user can also cause arbitrary scripting code to be executed by the target user's browser.
The code will run in the security context of arbitrary domains. As a result, the code will be able to access the target user's
cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user
via web form to the site, or take actions on the site acting as the target user.
|
Impact: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's browser, obtain files
from the target user's system, spoof trusted certificates, initiate arbitrary socket connections, or execute scripting code in arbitrary
domains.
|
Solution: Mozilla has issued a fix for CVE-2008-2798, CVE-2008-2799, CVE-2008-2802, CVE-2008-2803, CVE-2008-2807, CVE-2008-2809, and CVE-2008-2811
for Thunderbird (2.0.0.16).
The Mozilla advisories are available at:
http://www.mozilla.org/security/announce/2008/mfsa2008-21.html
http://www.mozilla.org/security/announce/2008/mfsa2008-24.html
http://www.mozilla.org/security/announce/2008/mfsa2008-25.html
http://www.mozilla.org/security/announce/2008/mfsa2008-29.html
http://www.mozilla.org/security/announce/2008/mfsa2008-31.html
http://www.mozilla.org/security/announce/2008/mfsa2008-33.html
|
Vendor URL: www.mozilla.com/en-US/firefox/2.0.0.15/releasenotes/
|
Cause: Not specified
|
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Thu, 24 Jul 2008 21:47:14 -0400
Subject: Mozilla Thunderbird
|
http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html#thunderbird2.0.0.16
CVE-2008-2785
CVE-2008-2798
CVE-2008-2799
CVE-2008-2802
CVE-2008-2803
CVE-2008-2807
CVE-2008-2809
CVE-2008-2811