(Mozilla Issues Fix for Firefox) Java Runtime Environment Java APIs Let Remote JavaScript Gain Access to Network Resources
|
SecurityTracker Alert ID: 1019699
|
SecurityTracker URL: http://securitytracker.com/id/1019699
|
CVE Reference:
CVE-2008-1240
|
Date: Mar 26 2008
|
Impact:
Host/resource access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Description:
A vulnerability was reported in Java. A remote user can connect to network resources via the target user's system. Mozilla Firefox is affected.
A remote user can create specially crafted JavaScript that, when loaded by the target user, will invoke certain Java APIs to connect to arbitrary network resources via the target user's browser.
Certain versions of Java running with Mozilla Firefox 2.0.0.9 and prior versions are affected.
Mozilla Firefox 2.0.0.10 and later are not affected.
Internet Explorer is not affected.
Gregory Fleischer and Mozilla reported this vulnerability.
|
Impact:
A remote user can create JavaScript that, when loaded by the target user, will connect to arbitrary network resources via the target user's system.
|
Solution:
Mozilla has issued a fix for Firefox (2.0.0.13), which is affected by this vulnerability. The Mozilla fix protects users who do not have the Sun Java fix.
The Mozilla advisory is available at:
http://www.mozilla.org/security/announce/2008/mfsa2008-18.html
|
Cause:
Access control error
|
Underlying OS:
Linux (Any), UNIX (Any), Windows (Any)
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Tue, 25 Mar 2008 23:51:49 -0500
Subject: http://www.mozilla.org/security/announce/2008/mfsa2008-18.html
|
CVE-2008-1195
CVE-2008-1240