CVE-2008-4582

Priority
Negligible
Description
Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and
SeaMonkey 1.x before 1.1.13, when running on Windows, do not properly
identify the context of Windows .url shortcut files, which allows
user-assisted remote attackers to bypass the Same Origin Policy and obtain
sensitive information via an HTML document that is directly accessible
through a filesystem, as demonstrated by documents in (1) local folders,
(2) Windows share folders, and (3) RAR archives, and as demonstrated by
IFRAMEs referencing shortcuts that point to (a) about:cache?device=memory
and (b) about:cache?device=disk, a variant of CVE-2008-2810.
References
Package
Upstream: needs-triage
Ubuntu 8.04 LTS (Hardy Heron): released (3.0.4+nobinonly-0ubuntu0.8.04.1)
Ubuntu 10.04 LTS (Lucid Lynx): DNE
Ubuntu 11.04 (Natty Narwhal): DNE
Ubuntu 11.10 (Oneiric Ocelot): DNE

Package
Upstream: needs-triage
Ubuntu 8.04 LTS (Hardy Heron): released (2.0.0.19+nobinonly1-0ubuntu0.8.04.1)
Ubuntu 10.04 LTS (Lucid Lynx): released (3.0.4+nobinonly-0ubuntu0.8.04.1)
Ubuntu 11.04 (Natty Narwhal): released (3.0.4+nobinonly-0ubuntu0.8.04.1)
Ubuntu 11.10 (Oneiric Ocelot): released (3.0.4+nobinonly-0ubuntu0.8.04.1)

Package
Upstream: needs-triage
Ubuntu 8.04 LTS (Hardy Heron): DNE
Ubuntu 10.04 LTS (Lucid Lynx): DNE
Ubuntu 11.04 (Natty Narwhal): DNE
Ubuntu 11.10 (Oneiric Ocelot): DNE

Package
Upstream: needs-triage
Ubuntu 8.04 LTS (Hardy Heron): released (1.1.15+nobinonly-0ubuntu0.8.04.2)
Ubuntu 10.04 LTS (Lucid Lynx): released (1.1.15+nobinonly-0ubuntu2)
Ubuntu 11.04 (Natty Narwhal): released (1.1.15+nobinonly-0ubuntu2)
Ubuntu 11.10 (Oneiric Ocelot): released (1.1.15+nobinonly-0ubuntu2)

Package
Upstream: needs-triage
Ubuntu 8.04 LTS (Hardy Heron): released (1.9.0.4+nobinonly-0ubuntu0.8.04.1)
Ubuntu 10.04 LTS (Lucid Lynx): DNE
Ubuntu 11.04 (Natty Narwhal): DNE
Ubuntu 11.10 (Oneiric Ocelot): DNE

Package
Upstream: needs-triage
Ubuntu 8.04 LTS (Hardy Heron): released (1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.8.04.1)
Ubuntu 10.04 LTS (Lucid Lynx): DNE
Ubuntu 11.04 (Natty Narwhal): DNE
Ubuntu 11.10 (Oneiric Ocelot): DNE

Package
Upstream: needs-triage
Ubuntu 8.04 LTS (Hardy Heron): DNE
Ubuntu 10.04 LTS (Lucid Lynx): DNE
Ubuntu 11.04 (Natty Narwhal): DNE
Ubuntu 11.10 (Oneiric Ocelot): DNE
More Information

Updated: 2012-06-01 15:19:09 UTC (commit 5347)