Vigil@nce : Firefox/Seamonkey, several vulnerabilities
July 2008 by Vigil@nce
SYNTHESIS
Several vulnerabilities were announced in Firefox/Seamonkey, the
worst one leading to code execution.
Gravity: 4/4
Consequences: user access/rights, data reading, denial of service
of client, disguisement
Provenance: document
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 02/07/2008
Identifier: VIGILANCE-VUL-7923
IMPACTED PRODUCTS
– Mozilla Firefox [confidential versions]
– Mozilla SeaMonkey [confidential versions]
– Red Hat Enterprise Linux [confidential versions]
DESCRIPTION
Several vulnerabilities were announced in Firefox/Seamonkey.
An attacker can corrupt the memory in order to execute code.
[grav:4/4; CVE-2008-2798, CVE-2008-2799, MFSA 2008-21]
An attacker can create a Cross Site Scripting via JavaScript.
[grav:3/4; CVE-2008-2800, MFSA 2008-22]
An attacker can invite the victim to use a modified version of a
signed JAR archive. [grav:3/4; CVE-2008-2801, MFSA 2008-23]
An attacker can execute a Chrome script via a "fastload" file.
[grav:4/4; CVE-2008-2802, MFSA 2008-24]
An attacker can execute code via mozIJSSubScriptLoader.loadSubScript().
[grav:4/4; CVE-2008-2803, MFSA 2008-25]
An attacker can upload a file via "originalTarget" and "DOM
Range". [grav:3/4; CVE-2008-2805, MFSA 2008-27]
On Mac OS X, an attacker can connect to sockets via Java
LiveConnect. [grav:3/4; CVE-2008-2806, MFSA 2008-28]
A malformed ".properties" files leads to usage of uninitialized
memory. [grav:2/4; CVE-2008-2807, MFSA 2008-29]
Urls of "file:" type in directory listings are not correctly
escaped. [grav:4/4; CVE-2008-2808, MFSA 2008-30]
The alternative name in a certificate can be used to spoof a web
site. [grav:1/4; CVE-2008-2809, MFSA 2008-31]
Windows shortcuts indicating a remote url are handled in the local
context. [grav:2/4; CVE-2008-2810, MFSA 2008-32]
An attacker can execute code when a block is redrawn. [grav:4/4;
CVE-2008-2811, MFSA 2008-33]
CHARACTERISTICS
Identifiers: CVE-2008-2798, CVE-2008-2799, CVE-2008-2800,
CVE-2008-2801, CVE-2008-2802, CVE-2008-2803, CVE-2008-2805, CVE-2008-2806, CVE-2008-2807, CVE-2008-2808, CVE-2008-2809, CVE-2008-2810, CVE-2008-2811, MFSA 2008-20, MFSA 2008-21, MFSA 2008-22, MFSA 2008-23, MFSA 2008-24, MFSA 2008-25, MFSA 2008-27, MFSA 2008-28, MFSA 2008-29, MFSA 2008-30, MFSA 2008-31, MFSA 2008-32, MFSA 2008-33, RHSA-2008:0547-01, RHSA-2008:0549-01, RHSA-2008:0569-01, VIGILANCE-VUL-7923