A vulnerability exists in Mozilla products that may allow a remote attacker to view browser history or cause a denial of service.
Mozilla products contain a vulnerability in the browser engine that may result in information disclosure or a denial of service when handling malicious image files when a user leaves a page with
designMode frames. According to the Mozilla Foundation Security Advisory 2008-06:
The reported issue can be used to steal a user's navigation history, forward navigation information, and crash the user's browser. The crash showed evidence of memory corruption and might be exploitable to run arbitrary code.
A remote, unauthorized attacker may be able to view browser history information or cause a denial of service.
Using the Mozilla Firefox NoScript extension to whitelist web sites that can run scripts and access installed plugins will mitigate this vulnerability.
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Updated: February 11, 2008
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Refer to the Mozilla Foundation Security Advisory 2008-06.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Group | Score | Vector
Base | |
Temporal | |
Environmental | |
This vulnerability is addressed in Mozilla Foundation Security Advisory 2008-06. Mozilla credits David Bloom for reporting this issue.
This document was written by Chris Taschner.
CVE IDs: | CVE-2008-0419
Severity Metric: | 5.94
Date Public: | 2008-02-07
Date First Published: | 2008-02-11
Date Last Updated: | 2008-02-11 15:57 UTC
Document Revision: | 21