Executive Summary
Summary | |
---|---|
Title | Mozilla browsers fail to properly handle images |
Information | |||
---|---|---|---|
Name | VU#879056 | First vendor Publication | 2008-02-11 |
Vendor | VU-CERT | Last vendor Modification | 2008-02-11 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability SubScore | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Vulnerability Note VU#879056

Mozilla browsers fail to properly handle images

Overview

A vulnerability exists in Mozilla products that may allow a remote attacker to view browser history or cause a denial of service.

I. Description

Mozilla products contain a vulnerability in the browser engine that may result in information disclosure or a denial of service when handling malicious image files when a user leaves a page with designMode frames. According to the Mozilla Foundation Security Advisory 2008-06:

The reported issue can be used to steal a user's navigation history, forward navigation information, and crash the user's browser. The crash showed evidence of memory corruption and might be exploitable to run arbitrary code.

Note that JavaScript must be enabled in order for this vulnerability to exist. JavaScript is enabled by default in the Firefox and Mozilla web browsers. Exploitation can occur by accessing a specially crafted web page with Firefox.

II. Impact

A remote, unauthorized attacker may be able to view browser history information or cause a denial of service.

III. Solution

Apply an update

According to the Mozilla Foundation Security Advisory 2008-06 this vulnerability is addressed in Firefox 2.0.0.12 and SeaMonkey 1.1.8.
References
This vulnerability is addressed in Mozilla Foundation Security Advisory 2008-06. Mozilla credits David Bloom for reporting this issue. This document was written by Chris Taschner.
Original Source
Url : http://www.kb.cert.org/vuls/id/879056 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-399 | Resource Management Errors |
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for Mozilla File : nvt/sles9p5021982.nasl |
2009-04-09 | Name : Mandriva Update for mozilla-firefox MDVSA-2008:048 (mozilla-firefox) File : nvt/gb_mandriva_MDVSA_2008_048.nasl |
2009-03-23 | Name : Ubuntu Update for firefox vulnerabilities USN-576-1 File : nvt/gb_ubuntu_USN_576_1.nasl |
2009-03-06 | Name : RedHat Update for thunderbird RHSA-2008:0105-02 File : nvt/gb_RHSA-2008_0105-02_thunderbird.nasl |
2009-03-06 | Name : RedHat Update for thunderbird RHSA-2008:0105-01 File : nvt/gb_RHSA-2008_0105-01_thunderbird.nasl |
2009-03-06 | Name : RedHat Update for seamonkey RHSA-2008:0104-01 File : nvt/gb_RHSA-2008_0104-01_seamonkey.nasl |
2009-03-06 | Name : RedHat Update for firefox RHSA-2008:0103-01 File : nvt/gb_RHSA-2008_0103-01_firefox.nasl |
2009-02-27 | Name : CentOS Update for thunderbird CESA-2008:0105 centos5 i386 File : nvt/gb_CESA-2008_0105_thunderbird_centos5_i386.nasl |
2009-02-27 | Name : CentOS Update for thunderbird CESA-2008:0105 centos5 x86_64 File : nvt/gb_CESA-2008_0105_thunderbird_centos5_x86_64.nasl |
2009-02-27 | Name : CentOS Update for thunderbird CESA-2008:0105 centos4 x86_64 File : nvt/gb_CESA-2008_0105_thunderbird_centos4_x86_64.nasl |
2009-02-27 | Name : CentOS Update for thunderbird CESA-2008:0105 centos4 i386 File : nvt/gb_CESA-2008_0105_thunderbird_centos4_i386.nasl |
2009-02-27 | Name : CentOS Update for seamonkey CESA-2008:0104 centos4 x86_64 File : nvt/gb_CESA-2008_0104_seamonkey_centos4_x86_64.nasl |
2009-02-27 | Name : CentOS Update for seamonkey CESA-2008:0104 centos4 i386 File : nvt/gb_CESA-2008_0104_seamonkey_centos4_i386.nasl |
2009-02-27 | Name : CentOS Update for seamonkey CESA-2008:0104 centos3 x86_64 File : nvt/gb_CESA-2008_0104_seamonkey_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for seamonkey CESA-2008:0104-01 centos2 i386 File : nvt/gb_CESA-2008_0104-01_seamonkey_centos2_i386.nasl |
2009-02-27 | Name : CentOS Update for firefox CESA-2008:0103 centos3 i386 File : nvt/gb_CESA-2008_0103_firefox_centos3_i386.nasl |
2009-02-27 | Name : CentOS Update for firefox CESA-2008:0103 centos3 x86_64 File : nvt/gb_CESA-2008_0103_firefox_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for seamonkey CESA-2008:0104 centos3 i386 File : nvt/gb_CESA-2008_0104_seamonkey_centos3_i386.nasl |
2009-02-27 | Name : CentOS Update for firefox CESA-2008:0103 centos4 i386 File : nvt/gb_CESA-2008_0103_firefox_centos4_i386.nasl |
2009-02-27 | Name : CentOS Update for firefox CESA-2008:0103 centos4 x86_64 File : nvt/gb_CESA-2008_0103_firefox_centos4_x86_64.nasl |
2009-02-27 | Name : CentOS Update for firefox CESA-2008:0103 centos5 i386 File : nvt/gb_CESA-2008_0103_firefox_centos5_i386.nasl |
2009-02-27 | Name : CentOS Update for firefox CESA-2008:0103 centos5 x86_64 File : nvt/gb_CESA-2008_0103_firefox_centos5_x86_64.nasl |
2009-02-16 | Name : Fedora Update for blam FEDORA-2008-1535 File : nvt/gb_fedora_2008_1535_blam_fc8.nasl |
2009-02-16 | Name : Fedora Update for chmsee FEDORA-2008-1535 File : nvt/gb_fedora_2008_1535_chmsee_fc8.nasl |
2009-02-16 | Name : Fedora Update for devhelp FEDORA-2008-1535 File : nvt/gb_fedora_2008_1535_devhelp_fc8.nasl |
2009-02-16 | Name : Fedora Update for epiphany-extensions FEDORA-2008-1535 File : nvt/gb_fedora_2008_1535_epiphany-extensions_fc8.nasl |
2009-02-16 | Name : Fedora Update for epiphany FEDORA-2008-1535 File : nvt/gb_fedora_2008_1535_epiphany_fc8.nasl |
2009-02-16 | Name : Fedora Update for firefox FEDORA-2008-1535 File : nvt/gb_fedora_2008_1535_firefox_fc8.nasl |
2009-02-16 | Name : Fedora Update for galeon FEDORA-2008-1535 File : nvt/gb_fedora_2008_1535_galeon_fc8.nasl |
2009-02-16 | Name : Fedora Update for gnome-python2-extras FEDORA-2008-1535 File : nvt/gb_fedora_2008_1535_gnome-python2-extras_fc8.nasl |
2009-02-16 | Name : Fedora Update for gnome-web-photo FEDORA-2008-1535 File : nvt/gb_fedora_2008_1535_gnome-web-photo_fc8.nasl |
2009-02-16 | Name : Fedora Update for gtkmozembedmm FEDORA-2008-1535 File : nvt/gb_fedora_2008_1535_gtkmozembedmm_fc8.nasl |
2009-02-16 | Name : Fedora Update for kazehakase FEDORA-2008-1535 File : nvt/gb_fedora_2008_1535_kazehakase_fc8.nasl |
2009-02-16 | Name : Fedora Update for liferea FEDORA-2008-1535 File : nvt/gb_fedora_2008_1535_liferea_fc8.nasl |
2009-02-16 | Name : Fedora Update for openvrml FEDORA-2008-1535 File : nvt/gb_fedora_2008_1535_openvrml_fc8.nasl |
2009-02-16 | Name : Fedora Update for ruby-gnome2 FEDORA-2008-1535 File : nvt/gb_fedora_2008_1535_ruby-gnome2_fc8.nasl |
2009-02-16 | Name : Fedora Update for yelp FEDORA-2008-1535 File : nvt/gb_fedora_2008_1535_yelp_fc8.nasl |
2009-02-16 | Name : Fedora Update for thunderbird FEDORA-2008-2118 File : nvt/gb_fedora_2008_2118_thunderbird_fc7.nasl |
2009-02-16 | Name : Fedora Update for thunderbird FEDORA-2008-2060 File : nvt/gb_fedora_2008_2060_thunderbird_fc8.nasl |
2009-02-16 | Name : Fedora Update for seamonkey FEDORA-2008-1669 File : nvt/gb_fedora_2008_1669_seamonkey_fc7.nasl |
2009-02-16 | Name : Fedora Update for galeon FEDORA-2008-1435 File : nvt/gb_fedora_2008_1435_galeon_fc7.nasl |
2009-02-16 | Name : Fedora Update for seamonkey FEDORA-2008-1459 File : nvt/gb_fedora_2008_1459_seamonkey_fc8.nasl |
2009-02-16 | Name : Fedora Update for Miro FEDORA-2008-1435 File : nvt/gb_fedora_2008_1435_Miro_fc7.nasl |
2009-02-16 | Name : Fedora Update for chmsee FEDORA-2008-1435 File : nvt/gb_fedora_2008_1435_chmsee_fc7.nasl |
2009-02-16 | Name : Fedora Update for devhelp FEDORA-2008-1435 File : nvt/gb_fedora_2008_1435_devhelp_fc7.nasl |
2009-02-16 | Name : Fedora Update for epiphany-extensions FEDORA-2008-1435 File : nvt/gb_fedora_2008_1435_epiphany-extensions_fc7.nasl |
2009-02-16 | Name : Fedora Update for epiphany FEDORA-2008-1435 File : nvt/gb_fedora_2008_1435_epiphany_fc7.nasl |
2009-02-16 | Name : Fedora Update for firefox FEDORA-2008-1435 File : nvt/gb_fedora_2008_1435_firefox_fc7.nasl |
2009-02-16 | Name : Fedora Update for gnome-python2-extras FEDORA-2008-1435 File : nvt/gb_fedora_2008_1435_gnome-python2-extras_fc7.nasl |
2009-02-16 | Name : Fedora Update for gtkmozembedmm FEDORA-2008-1435 File : nvt/gb_fedora_2008_1435_gtkmozembedmm_fc7.nasl |
2009-02-16 | Name : Fedora Update for kazehakase FEDORA-2008-1435 File : nvt/gb_fedora_2008_1435_kazehakase_fc7.nasl |
2009-02-16 | Name : Fedora Update for liferea FEDORA-2008-1435 File : nvt/gb_fedora_2008_1435_liferea_fc7.nasl |
2009-02-16 | Name : Fedora Update for openvrml FEDORA-2008-1435 File : nvt/gb_fedora_2008_1435_openvrml_fc7.nasl |
2009-02-16 | Name : Fedora Update for ruby-gnome2 FEDORA-2008-1435 File : nvt/gb_fedora_2008_1435_ruby-gnome2_fc7.nasl |
2009-02-16 | Name : Fedora Update for yelp FEDORA-2008-1435 File : nvt/gb_fedora_2008_1435_yelp_fc7.nasl |
2009-02-16 | Name : Fedora Update for Miro FEDORA-2008-1535 File : nvt/gb_fedora_2008_1535_Miro_fc8.nasl |
2009-01-23 | Name : SuSE Update for MozillaFirefox,seamonkey SUSE-SA:2008:008 File : nvt/gb_suse_2008_008.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200805-18 (mozilla ...) File : nvt/glsa_200805_18.nasl |
2008-09-04 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox31.nasl |
2008-03-27 | Name : Debian Security Advisory DSA 1506-2 (iceape) File : nvt/deb_1506_2.nasl |
2008-03-19 | Name : Debian Security Advisory DSA 1485-2 (icedove) File : nvt/deb_1485_2.nasl |
2008-02-28 | Name : Debian Security Advisory DSA 1506-1 (iceape) File : nvt/deb_1506_1.nasl |
2008-02-15 | Name : Debian Security Advisory DSA 1484-1 (xulrunner) File : nvt/deb_1484_1.nasl |
2008-02-15 | Name : Debian Security Advisory DSA 1489-1 (iceweasel) File : nvt/deb_1489_1.nasl |
2008-02-15 | Name : Debian Security Advisory DSA 1485-1 (icedove) File : nvt/deb_1485_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
41218 | Mozilla Multiple Browsers designMode Frame Forward Navigation Information Dis... Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remote attackers to steal navigation history and cause a denial of service (crash) via images in a page that uses designMode frames, which triggers memory corruption related to resize handles. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2008-0105.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0104.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0103.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20080207_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080207_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080207_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-048.nasl - Type : ACT_GATHER_INFO |
2008-05-22 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200805-18.nasl - Type : ACT_GATHER_INFO |
2008-03-28 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-xulrunner-5118.nasl - Type : ACT_GATHER_INFO |
2008-03-28 | Name : The remote openSUSE host is missing a security update. File : suse_mozilla-xulrunner-5123.nasl - Type : ACT_GATHER_INFO |
2008-03-19 | Name : The remote openSUSE host is missing a security update. File : suse_epiphany-5102.nasl - Type : ACT_GATHER_INFO |
2008-03-19 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaThunderbird-5095.nasl - Type : ACT_GATHER_INFO |
2008-03-17 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaThunderbird-5098.nasl - Type : ACT_GATHER_INFO |
2008-02-29 | Name : The remote Fedora host is missing a security update. File : fedora_2008-2060.nasl - Type : ACT_GATHER_INFO |
2008-02-29 | Name : The remote Fedora host is missing a security update. File : fedora_2008-2118.nasl - Type : ACT_GATHER_INFO |
2008-02-25 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_810a5197e0d911dc891a02061b08fc24.nasl - Type : ACT_GATHER_INFO |
2008-02-25 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1506.nasl - Type : ACT_GATHER_INFO |
2008-02-22 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : netscape_browser_9006.nasl - Type : ACT_GATHER_INFO |
2008-02-18 | Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-5012.nasl - Type : ACT_GATHER_INFO |
2008-02-18 | Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-5011.nasl - Type : ACT_GATHER_INFO |
2008-02-14 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2008-1535.nasl - Type : ACT_GATHER_INFO |
2008-02-14 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-5001.nasl - Type : ACT_GATHER_INFO |
2008-02-14 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-5002.nasl - Type : ACT_GATHER_INFO |
2008-02-14 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2008-1435.nasl - Type : ACT_GATHER_INFO |
2008-02-14 | Name : The remote Fedora host is missing a security update. File : fedora_2008-1669.nasl - Type : ACT_GATHER_INFO |
2008-02-14 | Name : The remote Fedora host is missing a security update. File : fedora_2008-1459.nasl - Type : ACT_GATHER_INFO |
2008-02-11 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-576-1.nasl - Type : ACT_GATHER_INFO |
2008-02-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0103.nasl - Type : ACT_GATHER_INFO |
2008-02-11 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2008-0105.nasl - Type : ACT_GATHER_INFO |
2008-02-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0104.nasl - Type : ACT_GATHER_INFO |
2008-02-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0103.nasl - Type : ACT_GATHER_INFO |
2008-02-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1489.nasl - Type : ACT_GATHER_INFO |
2008-02-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1485.nasl - Type : ACT_GATHER_INFO |
2008-02-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1484.nasl - Type : ACT_GATHER_INFO |
2008-02-11 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2008-0105.nasl - Type : ACT_GATHER_INFO |
2008-02-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0104.nasl - Type : ACT_GATHER_INFO |
2008-02-08 | Name : A web browser on the remote host is affected by multiple vulnerabilities. File : seamonkey_118.nasl - Type : ACT_GATHER_INFO |
2008-02-08 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_20012.nasl - Type : ACT_GATHER_INFO |