CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
96.9%
The Mozilla Foundation reports of multiple security issues
in Firefox, Seamonkey, and Thunderbird. Several of these
issues can probably be used to run arbitrary code with the
privilege of the user running the program.
Web forgery overwrite with div overlay
URL token stealing via stylesheet redirect
Mishandling of locally-saved plain text files
File action dialog tampering
Possible information disclosure in BMP decoder
Web browsing history and forward navigation stealing
Directory traversal via chrome: URI
Stored password corruption
Privilege escalation, XSS, Remote Code Execution
Multiple file input focus stealing vulnerabilities
Crashes with evidence of memory corruption (rv:1.8.1.12)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | firefox | < 2.0.0.12,1 | UNKNOWN |
FreeBSD | any | noarch | linux-firefox | < 2.0.0.12 | UNKNOWN |
FreeBSD | any | noarch | linux-firefox-devel | < 2.0.0.12 | UNKNOWN |
FreeBSD | any | noarch | seamonkey | < 1.1.8 | UNKNOWN |
FreeBSD | any | noarch | linux-seamonkey | < 1.1.8 | UNKNOWN |
FreeBSD | any | noarch | flock | < 1.0.9 | UNKNOWN |
FreeBSD | any | noarch | linux-flock | < 1.0.9 | UNKNOWN |
www.mozilla.org/projects/security/known-vulnerabilities.html
www.mozilla.org/security/announce/2008/mfsa2008-01.html
www.mozilla.org/security/announce/2008/mfsa2008-02.html
www.mozilla.org/security/announce/2008/mfsa2008-03.html
www.mozilla.org/security/announce/2008/mfsa2008-04.html
www.mozilla.org/security/announce/2008/mfsa2008-05.html
www.mozilla.org/security/announce/2008/mfsa2008-06.html
www.mozilla.org/security/announce/2008/mfsa2008-07.html
www.mozilla.org/security/announce/2008/mfsa2008-08.html
www.mozilla.org/security/announce/2008/mfsa2008-09.html
www.mozilla.org/security/announce/2008/mfsa2008-10.html
www.mozilla.org/security/announce/2008/mfsa2008-11.html