Lucene search
SecurityvulnsSECURITYVULNS:DOC:19039HistoryFeb 10, 2008 - 12:00 a.m.
Mozilla Foundation Security Advisory 2008-08
2008-02-1000:00:00
vulners.com
24
Mozilla Foundation Security Advisory 2008-08
Title: File action dialog tampering
Impact: Moderate
Announced: February 7, 2008
Reporter: Michal Zalewski
Products: Firefox, Thunderbird
Fixed in: Firefox 2.0.0.12
Thunderbird 2.0.0.12
Description
Security researcher Michal Zalewski demonstrated that timer-enabled security dialogs can be subverted by attackers using JavaScript to change the window focus. Zalewski showed that a user could be tricked into confirming a security dialog of this type by bringing the dialog back into focus right before a user clicked in a predictable time and place.
Workaround
Disable JavaScript until a version containing these fixes can be installed.
References
* https://bugzilla.mozilla.org/show_bug.cgi?id=376473
* CVE-2008-0591
Related
veracode
veracode
Information Disclosure
2020-04-10 00:19:48
cve
cve
CVE-2008-0591
2008-02-09 00:00:00
CVE-2007-3090
2007-06-06 21:30:00
ubuntucve
ubuntucve
CVE-2008-0591
2008-02-09 00:00:00
prion
prion
Design/Logic Flaw
2008-02-09 00:00:00
Design/Logic Flaw
2007-06-06 21:30:00
mozilla
mozilla
File action dialog tampering — Mozilla
2008-02-07 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2008:062)
2009-04-23 00:00:00
Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : mozilla-thunderbird, thunderbird vulnerabilities (USN-582-1)
2008-03-04 00:00:00
Scientific Linux Security Update : thunderbird on SL4.x, SL5.x i386/x86_64
2012-08-01 00:00:00
osv
osv
icedove - several vulnerabilities
2008-02-10 00:00:00
iceweasel - several vulnerabilities
2008-02-10 00:00:00
xulrunner - several vulnerabilities
2008-02-10 00:00:00
openvas
openvas
Mandriva Update for mozilla-thunderbird MDVSA-2008:062 (mozilla-thunderbird)
2009-04-09 00:00:00
Mandriva Update for mozilla-thunderbird MDVSA-2008:062 (mozilla-thunderbird)
2009-04-09 00:00:00
CentOS Update for thunderbird CESA-2008:0105 centos5 i386
2009-02-27 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2008-02-29 00:00:00
Firefox vulnerabilities
2008-02-08 00:00:00
redhat
redhat
(RHSA-2008:0105) Critical: thunderbird security update
2008-02-07 00:00:00
(RHSA-2008:0103) Critical: firefox security update
2008-02-07 00:00:00
(RHSA-2008:0104) Critical: seamonkey security update
2008-02-07 00:00:00
centos
centos
thunderbird security update
2008-02-08 19:19:22
firefox security update
2008-02-08 19:18:05
seamonkey security update
2008-02-11 00:20:26
fedora
fedora
[SECURITY] Fedora 7 Update: thunderbird-2.0.0.12-1.fc7
2008-02-28 21:46:05
[SECURITY] Fedora 8 Update: seamonkey-1.1.8-1.fc8
2008-02-13 04:53:43
[SECURITY] Fedora 8 Update: thunderbird-2.0.0.12-1.fc8
2008-02-28 21:38:54
oraclelinux
oraclelinux
Moderate: thunderbird security update
2008-02-08 00:00:00
Critical: firefox security update
2008-02-08 00:00:00
Critical: seamonkey security update
2008-02-08 00:00:00
seebug
seebug
Mozilla Thunderbird/Seamonkey/Firefox 2.0.0.12修复多个安全漏洞
2008-02-22 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulonerabilities
2008-02-11 00:00:00
debian
debian
[SECURITY] [DSA 1506-2] New iceape packages fix regression
2008-03-20 01:41:06
[SECURITY] [DSA 1506-1] New iceape packages fix several vulnerabilities
2008-02-24 12:30:41
[SECURITY] [DSA 1484-1] New xulrunner packages fix several vulnerabilities
2008-02-10 20:23:48
suse
suse
remote code execution in MozillaFirefox,seamonkey
2008-02-15 17:07:07
freebsd
freebsd
mozilla -- multiple vulnerabilities
2008-02-07 00:00:00
gentoo
gentoo
Mozilla products: Multiple vulnerabilities
2008-05-20 00:00:00
Related for SECURITYVULNS:DOC:19039