exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

CVE-2008-5012

Status Candidate

Overview

Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon.

Related Files

Gentoo Linux Security Advisory 201301-01
Posted Jan 8, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201301-1 - Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may allow execution of arbitrary code or local privilege escalation. Versions less than 10.0.11 are affected.

tags | advisory, arbitrary, local, vulnerability
systems | linux, gentoo
advisories | CVE-2011-3101, CVE-2007-2436, CVE-2007-2437, CVE-2007-2671, CVE-2007-3073, CVE-2008-0016, CVE-2008-0017, CVE-2008-0367, CVE-2008-3835, CVE-2008-3836, CVE-2008-3837, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4063, CVE-2008-4064, CVE-2008-4065, CVE-2008-4066, CVE-2008-4067, CVE-2008-4068, CVE-2008-4069, CVE-2008-4070, CVE-2008-4582, CVE-2008-5012, CVE-2008-5013, CVE-2008-5014
SHA-256 | 741702614c26339e63b97a9b8ab9a9381edca7bbd021557829522edcdfbddb9c
Debian Linux Security Advisory 1696-1
Posted Jan 7, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1696-1 - Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client.

tags | advisory, remote, vulnerability
systems | linux, debian
advisories | CVE-2008-0016, CVE-2008-1380, CVE-2008-3835, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4065, CVE-2008-4067, CVE-2008-4068, CVE-2008-4070, CVE-2008-5012, CVE-2008-5014, CVE-2008-5017, CVE-2008-5018, CVE-2008-5021, CVE-2008-5022
SHA-256 | 154fedd699ba34a05bcf8f64a0d9f5313de39f5e8b2112be12d7f1262c1160b3
Ubuntu Security Notice 668-1
Posted Nov 26, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-668-1 - Georgi Guninski, Michal Zalewsk and Chris Evans discovered that the same-origin check in Thunderbird could be bypassed. If a user were tricked into opening a malicious website, an attacker could obtain private information from data stored in the images, or discover information about software on the user's computer. Jesse Ruderman discovered that Thunderbird did not properly guard locks on non-native objects. If a user had JavaScript enabled and were tricked into opening malicious web content, an attacker could cause a browser crash and possibly execute arbitrary code with user privileges. Several problems were discovered in the browser, layout and JavaScript engines. If a user had JavaScript enabled, these problems could allow an attacker to crash Thunderbird and possibly execute arbitrary code with user privileges. A flaw was discovered in Thunderbird's DOM constructing code. If a user were tricked into opening a malicious website while having JavaScript enabled, an attacker could cause the browser to crash and potentially execute arbitrary code with user privileges. It was discovered that the same-origin check in Thunderbird could be bypassed. If a user had JavaScript enabled and were tricked into opening malicious web content, an attacker could execute JavaScript in the context of a different website. Chris Evans discovered that Thunderbird did not properly parse E4X documents, leading to quote characters in the namespace not being properly escaped. Boris Zbarsky discovered that Thunderbird did not properly process comments in forwarded in-line messages. If a user had JavaScript enabled and opened a malicious email, an attacker may be able to obtain information about the recipient.

tags | advisory, web, arbitrary, javascript
systems | linux, ubuntu
advisories | CVE-2008-5012, CVE-2008-5014, CVE-2008-5016, CVE-2008-5021, CVE-2008-5022, CVE-2008-5024
SHA-256 | 93c13caf984544b75658e4212d7aaa699eb879c7bc04c2105c1fd518f47587d5
Debian Linux Security Advisory 1671-1
Posted Nov 25, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1671-1 - Several remote vulnerabilities have been discovered in the Iceweasel webbrowser, an unbranded version of the Firefox browser.

tags | advisory, remote, vulnerability
systems | linux, debian
advisories | CVE-2008-0017, CVE-2008-4582, CVE-2008-5012, CVE-2008-5013, CVE-2008-5014, CVE-2008-5017, CVE-2008-5018, CVE-2008-5021, CVE-2008-5022, CVE-2008-5023, CVE-2008-5024
SHA-256 | c5a78f55c14b26a68e81841d5360df0539f188aeeb9f349c63487740de70a5a8
Debian Linux Security Advisory 1669-1
Posted Nov 24, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1669-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications.

tags | advisory, remote, vulnerability
systems | linux, debian
advisories | CVE-2008-0016, CVE-2008-3835, CVE-2008-3836, CVE-2008-3837, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4065, CVE-2008-4066, CVE-2008-4067, CVE-2008-4068, CVE-2008-4069, CVE-2008-4582, CVE-2008-5012, CVE-2008-5013, CVE-2008-5014
SHA-256 | 16a5602630e90c5a1df347eab5a49a6a7a2f3a60110927a235deafc6f4f972c7
Mandriva Linux Security Advisory 2008-235
Posted Nov 22, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2008-235 - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.18. This update provides the latest Thunderbird to correct these issues.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2008-5012, CVE-2008-5014, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5021, CVE-2008-5022, CVE-2008-5024, CVE-2008-5052
SHA-256 | 44036de256b0e04eb1de81b4d8a4440f06f4eb36e8dc7c04a8a72dea9cd3a984
Chris Evans Security Advisory 2008.9
Posted Nov 19, 2008
Authored by Chris Evans

Firefox versions 2.0.0.18 and below and WebKit nightly are affected by a cross-domain arbitrary image theft vulnerability.

tags | advisory, arbitrary
advisories | CVE-2008-5012
SHA-256 | d0194747a05587197d8e8c47a948cf9b3eee714682e19c5c1a8a0ea718f09d2e
Ubuntu Security Notice 667-1
Posted Nov 18, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-667-1 - A large amount of vulnerabilities have been addressed in Firefox. Flaws such as information disclosure, bypassing of same-origin checks, arbitrary code execution, and more exist in prior versions.

tags | advisory, arbitrary, vulnerability, code execution, info disclosure
systems | linux, ubuntu
advisories | CVE-2008-0017, CVE-2008-4582, CVE-2008-5012, CVE-2008-5015, CVE-2008-5016, CVE-2008-5019, CVE-2008-5021, CVE-2008-5024
SHA-256 | 3539bbffe716c66f61f4752616fc676ae59204f98ea1fa83c48246d195046fbb
Mandriva Linux Security Advisory 2008-228
Posted Nov 14, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox 2.x, version 2.0.0.18.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2008-0017, CVE-2008-5012, CVE-2008-5013, CVE-2008-5014, CVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021, CVE-2008-5022, CVE-2008-5023, CVE-2008-5024, CVE-2008-5052
SHA-256 | 1fc998809fc853d4ec354eccd0d4b35d156ad52fd46b64972d48908e0ba6e2c3
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close