logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2008-1240

Description

LiveConnect in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 does not properly parse the content origin for jar: URIs before sending them to the Java plugin, which allows remote attackers to access arbitrary ports on the local machine. NOTE: this is closely related to CVE-2008-1195.


Affected Package


OS OS Version Package Name Package Version
ubuntu 06.10 firefox 2.0.0.13+0nobinonly-0ubuntu0.6.10
ubuntu 07.04 firefox 2.0.0.13+0nobinonly-0ubuntu0.7.4
ubuntu 07.10 firefox 2.0.0.13+1nobinonly-0ubuntu0.7.10
ubuntu 08.04 firefox 2.0.0.13+1nobinonly-0ubuntu1
ubuntu upstream firefox 2.0.0.13
ubuntu 07.10 iceape any
ubuntu upstream iceape 1.1.9
ubuntu upstream iceweasel any
ubuntu 08.04 seamonkey 1.1.9+nobinonly-0ubuntu1
ubuntu 08.10 seamonkey 1.1.9+nobinonly-0ubuntu1
ubuntu upstream seamonkey 1.1.9
ubuntu 06.10 xulrunner any
ubuntu 07.04 xulrunner any
ubuntu 07.10 xulrunner 1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.7.10.1
ubuntu 08.04 xulrunner 1.8.1.13+nobinonly-0ubuntu1
ubuntu 08.10 xulrunner 1.8.1.13+nobinonly-0ubuntu1
ubuntu upstream xulrunner any

Related