 |
|
|
|
Многочисленные уязвимости безопасности в Mozilla Firefox / Thunderbird / Seamonkey
дополнено с 10 февраля 2008 г. | | Опубликовано: |  | 11 февраля 2008 г. | | Источник: |  | MOZILLA | | SecurityVulns ID: |  | 8648 | | Тип: |  | клиент | | Опасность: |  | 9/10 | | Описание: |  | Многочисленные повреждения памяти, подмена фокуса ввода, межсайтовый скриптинг, выполнение кода, повреждение хранимой информации, обратный путь в каталогах, утечка информации, подмена текста в диалогах, |
| Затронутые продукты: |  | MOZILLA : Firefox 2.0 | | | | MOZILLA : Thunderbird 2.0 | | | | MOZILLA : SeaMonkey 1.1 | | CVE: |  | CVE-2008-0594 (Mozilla Firefox before 2.0.0.12 does not always display a web forgery warning dialog if the entire contents of a web page are in a DIV tag that uses absolute positioning, which makes it easier for remote attackers to conduct phishing attacks.) | | | | CVE-2008-0593 (Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original URL, such as with Single-Signon systems.) | | | | CVE-2008-0592 (Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to cause a denial of service via a plain .txt file with a "Content-Disposition: attachment" and an invalid "Content-Type: plain/text," which prevents Firefox from rendering future plain text files within the browser.) | | | | CVE-2008-0591 (Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 allows user-assisted remote attackers to cause users to confirm a timer-enabled security dialog by using a timer to change the window focus.) | | | | CVE-2008-0419 | | | | CVE-2008-0418 | | | | CVE-2008-0417 | | | | CVE-2008-0415 | | | | CVE-2008-0414 | | | | CVE-2008-0413 | | | | CVE-2008-0412 |
| Оригинальный текст |  | carl hardwick, [Full-disclosure] Firefox 2.0.0.12 information leak vulnerability (11.02.2008) |
| | | MOZILLA, Mozilla Foundation Security Advisory 2008-11 (10.02.2008) |
| | | MOZILLA, Mozilla Foundation Security Advisory 2008-10 (10.02.2008) |
| | | MOZILLA, Mozilla Foundation Security Advisory 2008-09 (10.02.2008) |
| | | MOZILLA, Mozilla Foundation Security Advisory 2008-08 (10.02.2008) |
| | | MOZILLA, Mozilla Foundation Security Advisory 2008-06 (10.02.2008) |
| | | MOZILLA, Mozilla Foundation Security Advisory 2008-05 (10.02.2008) |
| | | MOZILLA, Mozilla Foundation Security Advisory 2008-04 (10.02.2008) |
| | | MOZILLA, Mozilla Foundation Security Advisory 2008-03 (10.02.2008) |
| | | MOZILLA, Mozilla Foundation Security Advisory 2008-02 (10.02.2008) |
| | | MOZILLA, Mozilla Foundation Security Advisory 2008-01 (10.02.2008) |
|
|
|
|
|
|
|
|
