SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Browser)  >   Mozilla Seamonkey Vendors:   Mozilla.org
(Mozilla Issues Fix for Seamonkey) Java Runtime Environment Java APIs Let Remote JavaScript Gain Access to Network Resources
SecurityTracker Alert ID:  1019702
SecurityTracker URL:  http://securitytracker.com/id/1019702
CVE Reference:   CVE-2008-1195   (Links to External Site)
Date:  Mar 26 2008
Impact:   Host/resource access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Java. A remote user can connect to network resources via the target user's system. Mozilla Seamonkey is affected.

A remote user can create specially crafted JavaScript that, when loaded by the target user, will invoke certain Java APIs to connect to arbitrary network resources via the target user's browser.

Certain versions of Java running Mozilla Firefox 2.0.0.9 and prior versions are affected.

Mozilla Firefox 2.0.0.10 and later are not affected.

Internet Explorer is not affected.

Gregory Fleischer and Mozilla reported this vulnerability.

Impact:   A remote user can create JavScript that, when loaded by the target user, will connect to arbitrary network resources via the target user's system.
Solution:   Mozilla has issued a fix for Seamonkey (1.1.9), which is affected by this vulnerability. The Mozilla fix is to protect users that do not have the Sun Java fix.

The Mozilla advisory is available at:

http://www.mozilla.org/security/announce/2008/mfsa2008-18.html

Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry is a follow-up to the message listed below.
Mar 6 2008 Java Runtime Environment Java APIs Let Remote JavaScript Gain Access to Network Resources



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, SecurityGlobal.net LLC