 |
|
|
|
Многочисленные уязвимости безопасности в Mozilla Firefox / Seamonkey
дополнено с 26 марта 2008 г. | | Опубликовано: |  | 28 марта 2008 г. | | Источник: |  | MOZILLA | | SecurityVulns ID: |  | 8838 | | Тип: |  | клиент | | Опасность: |  | 8/10 | | Описание: |  | Выполнение кода через Javascript, межсайтовый скриптинг, многочисленные DoS-условия, подмена URI и диалогов, доступ к локальным портам через Java, проблема с приватностью при использовании SSL-аутентификации. |
| Затронутые продукты: |  | MOZILLA : Firefox 2.0 | | | | MOZILLA : Thunderbird 2.0 | | | | MOZILLA : SeaMonkey 2.0 | | CVE: |  | CVE-2008-1241 | | | | CVE-2008-1240 | | | | CVE-2008-1238 | | | | CVE-2008-1237 | | | | CVE-2008-1236 | | | | CVE-2008-1235 (Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via unknown vectors that cause JavaScript to execute with the wrong principal, aka "Privilege escalation via incorrect principals.") | | | | CVE-2008-1234 | | | | CVE-2008-1233 | | | | CVE-2008-1195 (Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java APIs.) | | | | CVE-2008-0416 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allow remote attackers to inject arbitrary web script or HTML via certain character encodings, including (1) a backspace character that is treated as whitespace, (2) 0x80 with Shift_JIS encoding, and (3) "zero-length non-ASCII sequences" in certain Asian character sets.) | | | | CVE-2007-4879 (Mozilla Firefox 2.0.x can automatically install TLS client certificates withminimal user interaction, and automatically sends these certificates when requested, which makes it easier for remote web sites to track user activities across domains by requesting the TLS client certificates from other domains.) |
|
|
|
|
|
|
|
|
