(Mozilla Issues Fix for SeaMonkey) Mozilla Firefox '.url' Windows Shortcut Files May Let Remote Users Obtain Potentially Sensitive Information
|
|
SecurityTracker Alert ID: 1021212
|
|
SecurityTracker URL: http://securitytracker.com/id?1021212
|
|
CVE Reference: CVE-2008-4582
(Links to External Site)
|
Date: Nov 13 2008
|
Impact: Disclosure of user information
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Advisory: Mozilla Foundation Security Advisory
|
Version(s): prior to 1.1.13
|
Description: A vulnerability was reported in Mozilla Firefox. A remote user can obtain potentially sensitive information from the target user's browser cache. Mozilla SeaMonkey is affected.
A remote user can create a specially crafted '.url' shortcut file and specially crafted HTML that, when downloaded by the target
user, will be able to access potentially sensitive information from the target user's browser cache.
SeaMonkey is also affected.
Liu
Die Yu of TopsecTianRongXin reported this vulnerability.
|
Impact: A remote user can obtain potentially sensitive information from the target user's browser cache in certain cases.
|
Solution: The vendor has issued a fix for SeaMonkey (1.1.13), which is affected by this vulnerability.
The vendor's advisory is available at:
http://www.mozilla.org/security/announce/2008/mfsa2008-47.html
|
Vendor URL: www.mozilla.org/security/announce/2008/mfsa2008-47.html (Links to External Site)
|
Cause: Access control error
|
Underlying OS: Windows (Any)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Thu, 13 Nov 2008 01:10:08 -0500
Subject: Mozilla SeaMonkey
|
Fixed in SeaMonkey 1.1.13
MFSA 2008-47 Information stealing via local shortcut files
CVE-2008-4582
|
|
