CVE-2008-1240 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2008-1240
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-1240

Description: LiveConnect in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 does not properly parse the content origin for jar: URIs before sending them to the Java plugin, which allows remote attackers to access arbitrary ports on the local machine. NOTE: this is closely related to CVE-2008-1195.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/41458 UBUNTU http://www.ubuntu.com/usn/usn-592-1 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html SAID Secunia Advisory: SA29560 Secunia Advisory: SA29539 Secunia Advisory: SA29558 Secunia Advisory: SA29616 Secunia Advisory: SA29526 Secunia Advisory: SA29541 Secunia Advisory: SA29547 Secunia Advisory: SA29645 Secunia Advisory: SA30327 MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:080 DEBIAN http://www.debian.org/security/2008/dsa-1534 http://www.debian.org/security/2008/dsa-1535 http://www.debian.org/security/2008/dsa-1532 CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128 http://www.mozilla.org/security/announce/2008/mfsa2008-18.html CERT http://www.us-cert.gov/cas/techalerts/TA08-087A.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/490196/100/0/threaded BID 28448

Return to the previous page.