| Vigil@nce describes vulnerabilities impacting your systems, and offers solutions to correct them. |
|
 |
|
|
|
vulnerability bulletin CVE-2008-0412 CVE-2008-0413 CVE-2008-0414
Firefox: several vulnerabilities
Synthesis of the vulnerability
| Several vulnerabilities were announced in Firefox, the worst one leading to code execution. |
Severity: 4/4.
Consequences: user access/rights.
Provenance: internet server.
Means of attack: no proof of concept, no attack.
Ability of attacker: expert (4/4).
Confidence: confirmed by the editor (5/5).
Diffusion of the vulnerable configuration: high (3/3).
Number of vulnerabilities in this bulletin: 12.
Creation date: 08/02/2008.
|
Impacted products
Description of the vulnerability
Several vulnerabilities were announced in Firefox.
Several memory corruptions can lead to code execution. [severity:4/4; CVE-2008-0412, CVE-2008-0413, MFSA 2008-01, >]
An attacker can create a special page, then invite user to press keys and a button, to upload a file (VIGILANCE-VUL-7382). [severity:1/4; BID-26669, CVE-2008-0414, MFSA 2008-02, >]
A JavaScript script can for example execute code with chrome privileges. [severity:4/4; CVE-2008-0415, MFSA 2008-03, >]
A web site can inject newlines in order to corrupt the password database. [severity:1/4; CVE-2008-0417, MFSA 2008-04, >]
An attacker can use a "chrome://" uri in order to access to Javascript files located on computer of victim (VIGILANCE-VUL-7523). [severity:2/4; BID-27406, CVE-2008-0418, MFSA 2008-05, VU#309608, >]
A site using designMode can obtain information, stop the browser and eventually execute code. [severity:3/4; CVE-2008-0419, MFSA 2008-06, VU#879056, >]
An attacker can create a BMP image with an invalid biClrUsed field of BITMAPINFOHEADER header in order to read a memory fragment. [severity:2/4; CVE-2008-0420, MFSA 2008-07, >]
An attacker can use Javascript to press the button of a warning dialog (VIGILANCE-VUL-6883). [severity:2/4; BID-24293, CVE-2008-0591, ERR-2007-3090, MFSA 2008-08, >]
An attacker can use "Content-Disposition: attachment" and "Content-Type: plain/text" to disturb text file handling. [severity:1/4; CVE-2008-0592, MFSA 2008-09, >]
A script can obtain the contents of the url after a 302 redirect. [severity:1/4; CVE-2008-0593, MFSA 2008-10, >]
A page contained in a DIV can bypass forgery detection warnings. [severity:1/4; CVE-2008-0594, MFSA 2008-11, >]
An attacker can create several Cross Site Scripting by changing character encodings. [severity:2/4; BID-29303, CVE-2008-0416, MFSA 2008-13, >] |
Characteristics
Title: Firefox: several vulnerabilities
Identifiers: 238492, 6663845, 6681417, 6695896, BID-24293, BID-26669, BID-27406, BID-27683, BID-29303, CVE-2008-0412, CVE-2008-0413, CVE-2008-0414, CVE-2008-0415, CVE-2008-0416, CVE-2008-0417, CVE-2008-0418, CVE-2008-0419, CVE-2008-0420, CVE-2008-0591, CVE-2008-0592, CVE-2008-0593, CVE-2008-0594, DSA-1484-1, DSA-1489-1, DSA-1506-1, ERR-2007-3090, FEDORA-2008-1435, FEDORA-2008-1459, FEDORA-2008-1535, FEDORA-2008-1669, MDVSA-2008:048, MFSA 2008-01, MFSA 2008-02, MFSA 2008-03, MFSA 2008-04, MFSA 2008-05, MFSA 2008-06, MFSA 2008-07, MFSA 2008-08, MFSA 2008-09, MFSA 2008-10, MFSA 2008-11, MFSA 2008-13, RHSA-2008:0103-01, SSA:2008-043-01, SUSE-SA:2008:008, TLSA-2008-9, VIGILANCE-VUL-7558, VU#309608, VU#879056.
Url: https://vigilance.fr/tree/1/7558
|
Solutions for this vulnerability
Supplements
Vulnerability : MFSA 2008-01
Several memory corruptions can lead to code execution.
Severity: 4/4.
Identifiers: CVE-2008-0412, CVE-2008-0413, MFSA 2008-01.
|
|
Vulnerability : MFSA 2008-02
An attacker can create a special page, then invite user to press keys and a button, to upload a file (VIGILANCE-VUL-7382).
Severity: 1/4.
Identifiers: BID-26669, CVE-2008-0414, MFSA 2008-02.
|
|
Vulnerability : MFSA 2008-03
A JavaScript script can for example execute code with chrome privileges.
Severity: 4/4.
Identifiers: CVE-2008-0415, MFSA 2008-03.
|
|
Vulnerability : MFSA 2008-04
A web site can inject newlines in order to corrupt the password database.
Severity: 1/4.
Identifiers: CVE-2008-0417, MFSA 2008-04.
|
|
Vulnerability : MFSA 2008-05
An attacker can use a "chrome://" uri in order to access to Javascript files located on computer of victim (VIGILANCE-VUL-7523).
Severity: 2/4.
Identifiers: BID-27406, CVE-2008-0418, MFSA 2008-05, VU#309608.
|
|
Vulnerability : MFSA 2008-06
A site using designMode can obtain information, stop the browser and eventually execute code.
Severity: 3/4.
Identifiers: CVE-2008-0419, MFSA 2008-06, VU#879056.
|
|
Vulnerability : MFSA 2008-07
An attacker can create a BMP image with an invalid biClrUsed field of BITMAPINFOHEADER header in order to read a memory fragment.
Severity: 2/4.
Identifiers: CVE-2008-0420, MFSA 2008-07.
|
|
Vulnerability : MFSA 2008-08
An attacker can use Javascript to press the button of a warning dialog (VIGILANCE-VUL-6883).
Severity: 2/4.
Identifiers: BID-24293, CVE-2008-0591, ERR-2007-3090, MFSA 2008-08.
|
|
Vulnerability : MFSA 2008-09
An attacker can use "Content-Disposition: attachment" and "Content-Type: plain/text" to disturb text file handling.
Severity: 1/4.
Identifiers: CVE-2008-0592, MFSA 2008-09.
|
|
Vulnerability : MFSA 2008-10
A script can obtain the contents of the url after a 302 redirect.
Severity: 1/4.
Identifiers: CVE-2008-0593, MFSA 2008-10.
|
|
Vulnerability : MFSA 2008-11
A page contained in a DIV can bypass forgery detection warnings.
Severity: 1/4.
Identifiers: CVE-2008-0594, MFSA 2008-11.
|
|
Vulnerability : MFSA 2008-13
An attacker can create several Cross Site Scripting by changing character encodings.
Severity: 2/4.
Identifiers: BID-29303, CVE-2008-0416, MFSA 2008-13.
|
|
|
