Basic search

K
nessusTenable4365.PRM
HistoryFeb 08, 2008 - 12:00 a.m.

Mozilla Firefox < 2.0.0.12 Multiple Vulnerabilities

2008-02-0800:00:00
Tenable
www.tenable.com
10

The installed version of Firefox is affected by various security issues :

  • Several stability bugs leading to crashes that, in some cases, show traces of memory corruption
  • Several file input focus stealing vulnerabilities that could result in uploading of arbitrary files provided their full path and file names are known.
  • Several issues that allow scripts from page content to escape from their sandboxed context and/or run with chrome privileges, resulting in privilege escalation, XSS and/or remote code execution.
  • An issue that could allow a malicious site to inject newlines into the application’s password store when a user saves his password, resulting in corruption of saved passwords for other sites.
  • A directory traversal vulnerability via the ‘chrome:’ URI.
  • A vulnerability involving ‘designMode’ frames that may result in web browsing history and forward navigation stealing.
  • A file action dialog tampering vulnerability involving timer-enabled security dialogs.
  • Mis-handling of locally-saved plain text files.
  • Possible disclosure of sensitive URL parameters, such as session tokens, via the .href property of stylesheet DOM nodes reflecting the final URI of the stylesheet after following any 302 redirects.
  • A failure to display a web forgery warning dialog in cases where the entire contents of a page are enclosed in a ‘<div>’ tag with absolute positioning.
Binary data 4365.prm
VendorProductVersion
mozillafirefox

References