CVE-2007-4879 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2007-4879
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-4879

Description: Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, can automatically install TLS client certificates with minimal user interaction, and automatically sends these certificates when requested, which makes it easier for remote web sites to track user activities across domains by requesting the TLS client certificates from other domains.

CVE Status: Candidate

References: UBUNTU http://www.ubuntu.com/usn/usn-592-1 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html ST 1019704 SAID Secunia Advisory: SA29541 Secunia Advisory: SA29526 Secunia Advisory: SA29616 Secunia Advisory: SA29539 Secunia Advisory: SA29558 Secunia Advisory: SA29560 Secunia Advisory: SA29547 Secunia Advisory: SA29645 Secunia Advisory: SA30327 MISC http://0x90.eu/ff_tls_poc.html MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:080 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml DEBIAN http://www.debian.org/security/2008/dsa-1535 http://www.debian.org/security/2008/dsa-1532 http://www.debian.org/security/2008/dsa-1534 CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128 http://www.mozilla.org/security/announce/2008/mfsa2008-17.html CERT http://www.us-cert.gov/cas/techalerts/TA08-087A.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/490196/100/0/threaded BID 28448

Return to the previous page.