Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:20114
HistoryJul 03, 2008 - 12:00 a.m.

Mozilla Foundation Security Advisory 2008-28

2008-07-0300:00:00
vulners.com
13
JSON

Mozilla Foundation Security Advisory 2008-28

Title: Arbitrary socket connections with Java LiveConnect on Mac OS X
Impact: High
Announced: July 1, 2008
Reporter: Gregory Fleischer
Products: Firefox, SeaMonkey

Fixed in: Firefox 3.0
Firefox 2.0.0.15
SeaMonkey 1.1.10
Description

Security researcher Gregory Fleischer reported a vulnerability in the way Mozilla indicates the origin of a document to the Java Embedding Plugin (JEP) that ships with Firefox on Mac OS X. This vulnerability could allow a malicious Java applet to bypass the same-origin policy and create arbitrary socket connections to other domains.
Workaround

Disable Java on Mac OS X until a version containing these fixes can be installed.
References

* https://bugzilla.mozilla.org/show_bug.cgi?id=408329
* CVE-2008-2806

Related

mozilla 1
prion 1
cve 1
ubuntucve 1
suse 1
ubuntu 1
nessus 10
openvas 14
securityvulns 1
seebug 1
mozilla
mozilla
Arbitrary socket connections with Java LiveConnect on Mac OS X — Mozilla
2008-07-01 00:00:00
prion
prion
Design/Logic Flaw
2008-07-07 23:41:00
cve
cve
CVE-2008-2806
2008-07-07 23:41:00
ubuntucve
ubuntucve
CVE-2008-2806
2008-07-07 00:00:00
suse
suse
remote code execution in MozillaFirefox
2008-07-11 13:26:28
ubuntu
ubuntu
Firefox vulnerabilities
2008-07-02 00:00:00
nessus
nessus
Firefox < 2.0.0.15 Multiple Vulnerabilities
2008-07-02 00:00:00
SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 5405)
2008-07-15 00:00:00
Ubuntu 6.06 LTS / 7.04 / 7.10 : firefox vulnerabilities (USN-619-1)
2008-07-08 00:00:00
openvas
openvas
Mozilla Firefox Multiple Vulnerability July-08 (Windows)
2008-10-06 00:00:00
Mozilla Seamonkey Multiple Vulnerabilities July-08 (Windows)
2008-10-06 00:00:00
Mozilla Firefox Multiple Vulnerabilities July-08 (Windows)
2008-10-06 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2008-07-03 00:00:00
seebug
seebug
Mozilla Firefox 2.0.0.14存在多个远程漏洞
2008-07-03 00:00:00
JSON
Related for SECURITYVULNS:DOC:20114
mozilla1prion1cve1ubuntucve1suse1ubuntu1nessus10openvas14securityvulns1seebug1