LWN.net Logo

Advertisement

Writers Wanted

Front, Kernel, Security, Distributions, Development. See your byline here on LWN.net.

Advertise here

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 24, 2012

A uTouch architecture introduction

LWN.net Weekly Edition for May 17, 2012

Tasting the Ice Cream Sandwich

Highlights from the PostgreSQL 9.2 beta

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

firefox: multiple vulnerabilities

Package(s):firefox CVE #(s):CVE-2008-0414 CVE-2008-0416 CVE-2008-0420 CVE-2008-0594
Created:February 8, 2008 Updated:May 21, 2008
Description: From the Ubuntu advisory:
Flaws were discovered in the file upload form control. A malicious website could force arbitrary files from the user's computer to be uploaded without consent. (CVE-2008-0414)

Various flaws were discovered in character encoding handling. If a user were ticked into opening a malicious web page, an attacker could perform cross-site scripting attacks. (CVE-2008-0416)

Flaws were discovered in the BMP decoder. By tricking a user into opening a specially crafted BMP file, an attacker could obtain sensitive information. (CVE-2008-0420)

Emil Ljungdahl and Lars-Olof Moilanen discovered that a web forgery warning dialog wasn't displayed under certain circumstances. A malicious website could exploit this to conduct phishing attacks against the user. (CVE-2008-0594)

Alerts:
Gentoo 200805-18 2008-05-20
Ubuntu USN-592-1 2008-03-26
Debian DSA-1485-2 2008-03-17
Debian DSA-1506-2 2008-03-20
Fedora FEDORA-2008-1535 2008-02-13
Fedora FEDORA-2008-1535 2008-02-13
Fedora FEDORA-2008-1435 2008-02-13
Fedora FEDORA-2008-1435 2008-02-13
Ubuntu USN-582-1 2008-02-29
Fedora FEDORA-2008-2060 2008-02-28
Fedora FEDORA-2008-2118 2008-02-28
Debian DSA-1506-1 2008-02-24
Fedora FEDORA-2008-1535 2008-02-13
Fedora FEDORA-2008-1535 2008-02-13
Fedora FEDORA-2008-1535 2008-02-13
Fedora FEDORA-2008-1435 2008-02-13
Fedora FEDORA-2008-1535 2008-02-13
Fedora FEDORA-2008-1435 2008-02-13
Fedora FEDORA-2008-1535 2008-02-13
Fedora FEDORA-2008-1435 2008-02-13
Fedora FEDORA-2008-1535 2008-02-13
Fedora FEDORA-2008-1435 2008-02-13
Ubuntu USN-582-2 2008-03-06
Red Hat RHSA-2008:0105-02 2008-02-27
Mandriva MDVSA-2008:048 2007-02-22
SuSE SUSE-SA:2008:008 2008-02-15
Fedora FEDORA-2008-1435 2008-02-13
Fedora FEDORA-2008-1535 2008-02-13
Fedora FEDORA-2008-1435 2008-02-13
Fedora FEDORA-2008-1535 2008-02-13
Fedora FEDORA-2008-1535 2008-02-13
Fedora FEDORA-2008-1435 2008-02-13
Fedora FEDORA-2008-1535 2008-02-13
Fedora FEDORA-2008-1435 2008-02-13
Fedora FEDORA-2008-1535 2008-02-13
Fedora FEDORA-2008-1435 2008-02-13
Fedora FEDORA-2008-1535 2008-02-13
Fedora FEDORA-2008-1435 2008-02-13
Fedora FEDORA-2008-1535 2008-02-13
Fedora FEDORA-2008-1435 2008-02-13
Fedora FEDORA-2008-1459 2008-02-13
Fedora FEDORA-2008-1669 2008-02-13
Fedora FEDORA-2008-1535 2008-02-13
Fedora FEDORA-2008-1435 2008-02-13
Foresight FLEA-2008-0001-1 2008-02-11
rPath rPSA-2008-0051-1 2008-02-08
Debian DSA-1489-1 2008-02-10
Debian DSA-1485-1 2008-02-10
Debian DSA-1484-1 2008-02-10
Ubuntu USN-576-1 2008-02-08
(Log in to post comments)

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds