Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1240

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-1240
Last Modified 07 Mar 2011 10:06:23
Published 27 Mar 2008 09:44:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-1240

Summary

LiveConnect in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 does not properly parse the content origin for jar: URIs before sending them to the Java plugin, which allows remote attackers to access arbitrary ports on the local machine. NOTE: this is closely related to CVE-2008-1195.

Vulnerable Systems

Application

  • Mozilla Firefox 2.0.0.12

  • Mozilla Seamonkey 1.1.8


References

CERT - TA08-087A

VUPEN - ADV-2008-1793

VUPEN - ADV-2008-0998

CONFIRM - http://www.mozilla.org/security/announce/2008/mfsa2008-18.html

GENTOO - GLSA-200805-18

SUNALERT - 238492

SECUNIA - 30620

XF - mozilla-liveconnect-unauthorized-access(41458)

UBUNTU - USN-592-1

BID - 28448

BUGTRAQ - 20080327 rPSA-2008-0128-1 firefox

MANDRIVA - MDVSA-2008:080

DEBIAN - DSA-1535

DEBIAN - DSA-1534

DEBIAN - DSA-1532

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128

SECUNIA - 30327

SECUNIA - 29645

SECUNIA - 29616

SECUNIA - 29560

SECUNIA - 29558

SECUNIA - 29547

SECUNIA - 29541

SECUNIA - 29539

SECUNIA - 29526

SUSE - SUSE-SA:2008:019

Related Patches

Novell SUSE 2008:5164 mozilla-xulrunner security update for SLE 10 SP1 i586


Last Updated: 27 May 2016 10:47:05