Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES - October 25, 2004

by Marianna Schmudlach / October 25, 2004 1:11 AM PDT

Mozilla / Firefox / Thunderbird Downloaded File Content Disclosure Vulnerability

CRITICAL:
Less critical

IMPACT:
Exposure of sensitive information

WHERE:
Local system

SOFTWARE:
Mozilla Thunderbird 0.x
http://secunia.com/product/2637/
Mozilla 1.7.x
http://secunia.com/product/3691/
Mozilla Firefox 0.x
http://secunia.com/product/3256/

DESCRIPTION:
Martin has reported a vulnerability in Mozilla, Firefox, and
Thunderbird, which can be exploited by malicious, local users to gain
knowledge of sensitive information.

The vulnerability is caused due to improper permissions on downloaded
files opened in external applications. This can be exploited to read
other users' files, which are currently opened through the download
dialog box in external applications.

The vulnerability reportedly affects the following Linux builds:
* Mozilla 1.7 through 1.7.3.
* Firefox 0.9 through 1.0PR.
* Thunderbird 0.6 through 0.8.

SOLUTION:
Fixes are available in the CVS repository.

http://secunia.com/advisories/12956/
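Added example (not part of the original post or the Secunia advisory): a shell audit for the permission problem described above, which lists files in a download or temporary directory that other local users can read, tightens them, and creates a scratch file with owner-only access. The directory is whatever path you pass in, and the function names and the `download.XXXXXX` template are hypothetical; the advisory does not name the directory the affected builds used.

```shell
#!/bin/sh
# Added example: find and fix files that other local users can read.
# Assumption: DIR is the directory where a browser or mail client drops
# files before handing them to an external viewer.

# list_exposed_files DIR
# Print regular files directly under DIR whose mode grants read access
# to group or other (the condition that lets another local user read them).
list_exposed_files() {
    find "$1" -maxdepth 1 -type f \( -perm -040 -o -perm -004 \) -print
}

# count_exposed_files DIR
# Print how many such files exist.
count_exposed_files() {
    list_exposed_files "$1" | wc -l | tr -d ' '
}

# tighten_exposed_files DIR
# Strip all group/other permission bits from every exposed file.
tighten_exposed_files() {
    list_exposed_files "$1" | while IFS= read -r f; do
        chmod go-rwx "$f"
    done
}

# make_private_file DIR
# Create a uniquely named file in DIR readable only by its owner and
# print its path. mktemp already creates the file with mode 0600;
# the umask guards anything else created in the same subshell.
make_private_file() {
    ( umask 077 && mktemp "$1/download.XXXXXX" )
}

# Stand-alone use: pass a directory to list what is exposed in it.
if [ -n "${1:-}" ]; then
    list_exposed_files "$1"
fi
```

On a multi-user Linux host, running this against the directory your viewer applications read from shows which files the mode bits alone expose to other accounts.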

Kerberos V5 "send-pr.sh" Script Insecure Temporary File Crea
by Marianna Schmudlach / October 25, 2004 1:13 AM PDT

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
Local system

SOFTWARE:
Kerberos V5
http://secunia.com/product/556/

DESCRIPTION:
A vulnerability has been reported in Kerberos V5, which can be
exploited by malicious, local users to perform certain actions on a
vulnerable system with escalated privileges.

http://secunia.com/advisories/12967/

Netcaptor Tabbed Browsing Vulnerabilities
by Donna Buenaventura / October 25, 2004 1:39 AM PDT

Two vulnerabilities have been discovered in Netcaptor, which can be exploited by malicious web sites to obtain sensitive information and spoof dialog boxes.

1) Inactive tabs can launch dialog boxes so they appear to be displayed by a web site in another tab. This can be exploited by a malicious web site to show a dialog box, which seems to originate from a trusted web site.

Successful exploitation would normally require that a user is tricked into opening a link from a malicious web site to a trusted web site in a new tab.

A test is available in http://secunia.com/multiple_browsers_dialog_box_spoofing_test/

2) Inactive tabs can gain focus from form fields on web sites in another tab. This can potentially be exploited to collect sensitive data entered in form fields on other web sites.

Successful exploitation would normally require that a user is tricked into opening a link from a malicious web site to a trusted web site in a new tab.

A test is available in http://secunia.com/multiple_browsers_form_field_focus_test/

The vulnerabilities have been confirmed in version 7.5.2. Other versions may also be affected.

Solution: Don't visit trusted web sites while visiting untrusted web sites or disable JavaScript.

http://secunia.com/advisories/12966/

Re: VULNERABILITIES - October 25, 2004
by glenn30 / October 25, 2004 2:22 AM PDT

Marianna, I am new to Firefox 1.0PR. Is this something of concern to me, and where do I find it? Not familiar with CVS repository. Confused

Send some flu vaccine down! Grin

Glenn

Re: VULNERABILITIES - October 25, 2004
by Marianna Schmudlach / October 25, 2004 4:09 AM PDT

Thanks Marianna! I'll NOT worry either...
by glenn30 / October 25, 2004 4:22 AM PDT

Wish I could come after the vaccine... there is little here. Many are standing in lines and still do not get it. Sad

Glenn
