exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

CVE-2008-2933

Status Candidate

Overview

Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' (pipe) characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely handled by a vector application, as exploited in conjunction with CVE-2008-2540. NOTE: this issue exists because of an insufficient fix for CVE-2005-2267.

Related Files

Debian Linux Security Advisory 1697-1
Posted Jan 7, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1697-1 - Several remote vulnerabilities have been discovered in Iceape an unbranded version of the Seamonkey internet suite.

tags | advisory, remote, vulnerability
systems | linux, debian
advisories | CVE-2008-0016, CVE-2008-0304, CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2800, CVE-2008-2801, CVE-2008-2802, CVE-2008-2803, CVE-2008-2805, CVE-2008-2807, CVE-2008-2808, CVE-2008-2809, CVE-2008-2810, CVE-2008-2811, CVE-2008-2933, CVE-2008-3835, CVE-2008-3836
SHA-256 | 5f3741463ecc48ccf8ae4ebfd405196b887e872bd1b70b5a03ec77dabc5422bc
Gentoo Linux Security Advisory 200808-3
Posted Aug 6, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200808-03 - Multiple vulnerabilities have been reported in Mozilla Firefox, Thunderbird, SeaMonkey and XULRunner, some of which may allow user-assisted execution of arbitrary code. Versions less than 2.0.0.16 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2008-1380, CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2800, CVE-2008-2801, CVE-2008-2802, CVE-2008-2803, CVE-2008-2805, CVE-2008-2807, CVE-2008-2808, CVE-2008-2809, CVE-2008-2810, CVE-2008-2811, CVE-2008-2933
SHA-256 | f7ccc3b43cd5bbe95a3c5751dd9add265fff6b82e81dacde4ef97e2cc742415f
Ubuntu Security Notice 626-2
Posted Aug 4, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 626-2 - USN-626-1 fixed vulnerabilities in xulrunner-1.9. The changes required that Devhelp, Epiphany, Midbrowser and Yelp also be updated to use the new xulrunner-1.9. Original advisory details: A flaw was discovered in the browser engine. A variable could be made to overflow causing the browser to crash. If a user were tricked into opening a malicious web page, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Billy Rios discovered that Firefox and xulrunner, as used by browsers such as Epiphany, did not properly perform URI splitting with pipe symbols when passed a command-line URI. If Firefox or xulrunner were passed a malicious URL, an attacker may be able to execute local content with chrome privileges.

tags | advisory, web, denial of service, overflow, arbitrary, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2008-2785, CVE-2008-2933
SHA-256 | 208d9fa4ec91bae0914c869ff66a50adc922a82314b1dfa26695559e72d2bd49
Ubuntu Security Notice 626-1
Posted Jul 29, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 626-1 - Multiple vulnerabilities in Firefox and xulrunner were addressed related to denial of service and splitting issues.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2008-2785, CVE-2008-2933, CVE-2008-2934
SHA-256 | 9d634e80f76191cdd15b2b4e0a11ca3c4cb89114f8cae5e64178d060845cffcf
Debian Linux Security Advisory 1615-1
Posted Jul 23, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1615-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications.

tags | advisory, remote, vulnerability
systems | linux, debian
advisories | CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2800, CVE-2008-2801, CVE-2008-2802, CVE-2008-2803, CVE-2008-2805, CVE-2008-2807, CVE-2008-2808, CVE-2008-2809, CVE-2008-2811, CVE-2008-2933
SHA-256 | 1293a230aec19d4794ad667b0743ae3a6d411870c09bf514b6c912b80f087494
Debian Linux Security Advisory 1614-1
Posted Jul 23, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1614-1 - Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. It was discovered that missing boundary checks on a reference counter for CSS objects can lead to the execution of arbitrary code. Billy Rios discovered that passing an URL containing a pipe symbol to Iceweasel can lead to Chrome privilege escalation.

tags | advisory, remote, web, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2008-2785, CVE-2008-2933
SHA-256 | 59ff1e0473a5b291feb220328e663ac8016843d8bd53f10e2bf2127d720e8f71
Mandriva Linux Security Advisory 2008-148
Posted Jul 18, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.16. This update provides the latest Firefox to correct these issues.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2008-2785, CVE-2008-2933
SHA-256 | 76eba6f73b6e7d2a8516126a241390c9d29ff38bdb15204ca28713e69a032f18
Ubuntu Security Notice 623-1
Posted Jul 17, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 623-1 - A flaw was discovered in the browser engine. A variable could be made to overflow causing the browser to crash. If a user were tricked into opening a malicious web page, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Billy Rios discovered that Firefox did not properly perform URI splitting with pipe symbols when passed a command-line URI. If Firefox were passed a malicious URL, an attacker may be able to execute local content with chrome privileges.

tags | advisory, web, denial of service, overflow, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2008-2785, CVE-2008-2933
SHA-256 | 742712b79adb44ac6f189292da21ee47a7e298cb82d206626f47d0691011053a
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close