Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.800031
Category:General
Title:Firefox .url Shortcut File Information Disclosure Vulnerability
Summary:The host is installed with Mozilla Firefox browser, that is prone; to information disclosure vulnerability.
Description:Summary:
The host is installed with Mozilla Firefox browser, that is prone
to information disclosure vulnerability.

Vulnerability Insight:
The Browser does not properly identify the context of Windows .url shortcut
files, which allows remote attackers to bypass the Same Origin Policy and
obtain sensitive information via an HTML document that is directly accessible
through a filesystem.

Vulnerability Impact:
Successful remote exploitation could result in disclosure of sensitive
information.

Affected Software/OS:
Firefox version 3.0.1 to 3.0.3 on Windows.

Solution:
Upgrade to Firefox version 3.6.3 or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N

Cross-Ref: BugTraq ID: 31747
Common Vulnerability Exposure (CVE) ID: CVE-2008-4582
BugTraq ID: 31611
http://www.securityfocus.com/bid/31611
http://www.securityfocus.com/bid/31747
Bugtraq: 20081007 Firefox Privacy Broken If Used to Open Web Page File (Google Search)
http://www.securityfocus.com/archive/1/497091/100/0/threaded
Cert/CC Advisory: TA08-319A
http://www.us-cert.gov/cas/techalerts/TA08-319A.html
Debian Security Information: DSA-1669 (Google Search)
http://www.debian.org/security/2008/dsa-1669
Debian Security Information: DSA-1671 (Google Search)
http://www.debian.org/security/2008/dsa-1671
Debian Security Information: DSA-1696 (Google Search)
http://www.debian.org/security/2009/dsa-1696
Debian Security Information: DSA-1697 (Google Search)
http://www.debian.org/security/2009/dsa-1697
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html
http://liudieyu0.blog124.fc2.com/blog-entry-6.html
https://bugzilla.mozilla.org/show_bug.cgi?id=455311
http://www.securitytracker.com/id?1021190
http://securitytracker.com/alerts/2008/Nov/1021212.html
http://secunia.com/advisories/32192
http://secunia.com/advisories/32684
http://secunia.com/advisories/32693
http://secunia.com/advisories/32714
http://secunia.com/advisories/32721
http://secunia.com/advisories/32778
http://secunia.com/advisories/32845
http://secunia.com/advisories/32853
http://secunia.com/advisories/33433
http://secunia.com/advisories/33434
http://secunia.com/advisories/34501
http://securityreason.com/securityalert/4416
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
http://ubuntu.com/usn/usn-667-1
http://www.vupen.com/english/advisories/2008/2818
http://www.vupen.com/english/advisories/2009/0977
XForce ISS Database: firefox-internet-shortcut-info-disclosure(45740)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45740
CopyrightCopyright (C) 2008 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.