Launchpad.net

CVE 2008-2810

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly identify the context of Windows shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site for which the user has previously saved a shortcut.

Related bugs and status

CVE-2008-2810 (Candidate) is related to these bugs:

Bug #218534: [Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14

		In	Importance	Status
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	firefox (Ubuntu)	Undecided	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	thunderbird (Ubuntu)	Critical	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	seamonkey (Ubuntu)	Critical	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	xulrunner (Ubuntu)	Critical	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	firefox (Ubuntu Dapper)	Critical	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	seamonkey (Ubuntu Dapper)	Undecided	Invalid
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	thunderbird (Ubuntu Dapper)	Critical	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	xulrunner (Ubuntu Dapper)	Undecided	Invalid
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	firefox (Ubuntu Feisty)	Critical	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	seamonkey (Ubuntu Feisty)	Undecided	Invalid
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	thunderbird (Ubuntu Feisty)	Critical	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	xulrunner (Ubuntu Feisty)	Critical	Invalid
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	firefox (Ubuntu Gutsy)	Critical	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	seamonkey (Ubuntu Gutsy)	Undecided	Invalid
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	thunderbird (Ubuntu Gutsy)	Critical	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	xulrunner (Ubuntu Gutsy)	Undecided	Won't Fix
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	firefox (Ubuntu Hardy)	Critical	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	seamonkey (Ubuntu Hardy)	Critical	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	thunderbird (Ubuntu Hardy)	Critical	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	xulrunner (Ubuntu Hardy)	Critical	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	firefox (Ubuntu Intrepid)	Undecided	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	seamonkey (Ubuntu Intrepid)	Critical	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	thunderbird (Ubuntu Intrepid)	Critical	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	xulrunner (Ubuntu Intrepid)	Critical	Fix Released

Bug #254618: Please update xulrunner to 1.8.1.16 version.

Summary				In	Importance	Status
	254618	Please update xulrunner to 1.8.1.16 version.		xulrunner (Ubuntu)	High	Fix Released
	254618	Please update xulrunner to 1.8.1.16 version.		xulrunner (Ubuntu Hardy)	Undecided	Won't Fix

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.mozilla.org...
CONFIRM: http://www.mozilla.org...
CONFIRM: https://bugzilla.mozil...
UBUNTU: USN-619-1
BID: 30038
SECUNIA: 30911
CONFIRM: https://issues.rpath.c...
FEDORA: FEDORA-2008-6127
FEDORA: FEDORA-2008-6193
FEDORA: FEDORA-2008-6196
REDHAT: RHSA-2008:0547
REDHAT: RHSA-2008:0549
REDHAT: RHSA-2008:0569
SUSE: SUSE-SA:2008:034
SECTRACK: 1020419
SECUNIA: 30878
SECUNIA: 30898
SECUNIA: 30903
SECUNIA: 30949
SECUNIA: 31005
SECUNIA: 31008
REDHAT: RHSA-2008:0616
SECUNIA: 31023
SECUNIA: 31195
GENTOO: GLSA-200808-03
SECUNIA: 31377
CONFIRM: http://wiki.rpath.com/...
SECUNIA: 31021
DEBIAN: DSA-1697
SECUNIA: 33433
VUPEN: ADV-2008-1993
SECUNIA: 31076
SLACKWARE: SSA:2008-191-03
SLACKWARE: SSA:2008-191
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20080708 rPSA-2008-021...