Vulnerability-Lookup

CVE-2008-1241 (GCVE-0-2008-1241)

Vulnerability from cvelistv5 – Published: 2008-03-27 10:00 – Updated: 2024-08-07 08:17

Summary

GUI overlay vulnerability in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 allows remote attackers to spoof form elements and redirect user inputs via a borderless XUL pop-up window from a background tab.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://www.securityfocus.com/archive/1/490196/100…	mailing-listx_refsource_BUGTRAQ
	http://secunia.com/advisories/29541	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/29539	third-party-advisoryx_refsource_SECUNIA
	http://www.mozilla.org/security/announce/2008/mfs…	x_refsource_CONFIRM
	http://secunia.com/advisories/30620	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/29560	third-party-advisoryx_refsource_SECUNIA
	http://www.debian.org/security/2008/dsa-1532	vendor-advisoryx_refsource_DEBIAN
	http://secunia.com/advisories/30327	third-party-advisoryx_refsource_SECUNIA
	http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT
	http://www.ubuntu.com/usn/usn-592-1	vendor-advisoryx_refsource_UBUNTU
	http://secunia.com/advisories/29616	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/29550	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/29645	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/29607	third-party-advisoryx_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.vupen.com/english/advisories/2008/1793…	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/29558	third-party-advisoryx_refsource_SECUNIA
	http://rhn.redhat.com/errata/RHSA-2008-0208.html	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/29526	third-party-advisoryx_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.us-cert.gov/cas/techalerts/TA08-087A.html	third-party-advisoryx_refsource_CERT
	http://secunia.com/advisories/29391	third-party-advisoryx_refsource_SECUNIA
	http://www.securitytracker.com/id?1019700	vdb-entryx_refsource_SECTRACK
	http://www.redhat.com/support/errata/RHSA-2008-02…	vendor-advisoryx_refsource_REDHAT
	http://www.securityfocus.com/bid/28448	vdb-entryx_refsource_BID
	http://www.redhat.com/support/errata/RHSA-2008-02…	vendor-advisoryx_refsource_REDHAT
	http://www.debian.org/security/2008/dsa-1534	vendor-advisoryx_refsource_DEBIAN
	http://secunia.com/advisories/29547	third-party-advisoryx_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.gentoo.org/security/en/glsa/glsa-20080…	vendor-advisoryx_refsource_GENTOO
	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2008/0998…	vdb-entryx_refsource_VUPEN
	http://www.debian.org/security/2008/dsa-1535	vendor-advisoryx_refsource_DEBIAN
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:17:33.627Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20080327 rPSA-2008-0128-1 firefox",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/490196/100/0/threaded"
          },
          {
            "name": "29541",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29541"
          },
          {
            "name": "29539",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29539"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-19.html"
          },
          {
            "name": "30620",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30620"
          },
          {
            "name": "29560",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29560"
          },
          {
            "name": "DSA-1532",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1532"
          },
          {
            "name": "30327",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30327"
          },
          {
            "name": "238492",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1"
          },
          {
            "name": "USN-592-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-592-1"
          },
          {
            "name": "29616",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29616"
          },
          {
            "name": "29550",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29550"
          },
          {
            "name": "29645",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29645"
          },
          {
            "name": "29607",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29607"
          },
          {
            "name": "oval:org.mitre.oval:def:11163",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11163"
          },
          {
            "name": "ADV-2008-1793",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1793/references"
          },
          {
            "name": "29558",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29558"
          },
          {
            "name": "RHSA-2008:0208",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2008-0208.html"
          },
          {
            "name": "29526",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29526"
          },
          {
            "name": "SUSE-SA:2008:019",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html"
          },
          {
            "name": "TA08-087A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-087A.html"
          },
          {
            "name": "29391",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29391"
          },
          {
            "name": "1019700",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019700"
          },
          {
            "name": "RHSA-2008:0209",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0209.html"
          },
          {
            "name": "28448",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28448"
          },
          {
            "name": "RHSA-2008:0207",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0207.html"
          },
          {
            "name": "DSA-1534",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1534"
          },
          {
            "name": "29547",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29547"
          },
          {
            "name": "firefox-xul-popup-spoofing(41454)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41454"
          },
          {
            "name": "GLSA-200805-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128"
          },
          {
            "name": "ADV-2008-0998",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0998/references"
          },
          {
            "name": "DSA-1535",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1535"
          },
          {
            "name": "MDVSA-2008:080",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:080"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-03-25T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "GUI overlay vulnerability in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 allows remote attackers to spoof form elements and redirect user inputs via a borderless XUL pop-up window from a background tab."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "20080327 rPSA-2008-0128-1 firefox",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/490196/100/0/threaded"
        },
        {
          "name": "29541",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29541"
        },
        {
          "name": "29539",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29539"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-19.html"
        },
        {
          "name": "30620",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30620"
        },
        {
          "name": "29560",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29560"
        },
        {
          "name": "DSA-1532",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1532"
        },
        {
          "name": "30327",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30327"
        },
        {
          "name": "238492",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1"
        },
        {
          "name": "USN-592-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-592-1"
        },
        {
          "name": "29616",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29616"
        },
        {
          "name": "29550",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29550"
        },
        {
          "name": "29645",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29645"
        },
        {
          "name": "29607",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29607"
        },
        {
          "name": "oval:org.mitre.oval:def:11163",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11163"
        },
        {
          "name": "ADV-2008-1793",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1793/references"
        },
        {
          "name": "29558",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29558"
        },
        {
          "name": "RHSA-2008:0208",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2008-0208.html"
        },
        {
          "name": "29526",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29526"
        },
        {
          "name": "SUSE-SA:2008:019",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html"
        },
        {
          "name": "TA08-087A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-087A.html"
        },
        {
          "name": "29391",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29391"
        },
        {
          "name": "1019700",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019700"
        },
        {
          "name": "RHSA-2008:0209",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0209.html"
        },
        {
          "name": "28448",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28448"
        },
        {
          "name": "RHSA-2008:0207",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0207.html"
        },
        {
          "name": "DSA-1534",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1534"
        },
        {
          "name": "29547",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29547"
        },
        {
          "name": "firefox-xul-popup-spoofing(41454)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41454"
        },
        {
          "name": "GLSA-200805-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128"
        },
        {
          "name": "ADV-2008-0998",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0998/references"
        },
        {
          "name": "DSA-1535",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1535"
        },
        {
          "name": "MDVSA-2008:080",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:080"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2008-1241",
    "datePublished": "2008-03-27T10:00:00.000Z",
    "dateReserved": "2008-03-10T00:00:00.000Z",
    "dateUpdated": "2024-08-07T08:17:33.627Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

FKIE_CVE-2008-1241

Vulnerability from fkie_nvd - Published: 2008-03-27 10:44 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2008-0208.html
secalert@redhat.com	http://secunia.com/advisories/29391
secalert@redhat.com	http://secunia.com/advisories/29526
secalert@redhat.com	http://secunia.com/advisories/29539
secalert@redhat.com	http://secunia.com/advisories/29541
secalert@redhat.com	http://secunia.com/advisories/29547
secalert@redhat.com	http://secunia.com/advisories/29550
secalert@redhat.com	http://secunia.com/advisories/29558
secalert@redhat.com	http://secunia.com/advisories/29560
secalert@redhat.com	http://secunia.com/advisories/29607
secalert@redhat.com	http://secunia.com/advisories/29616
secalert@redhat.com	http://secunia.com/advisories/29645
secalert@redhat.com	http://secunia.com/advisories/30327
secalert@redhat.com	http://secunia.com/advisories/30620
secalert@redhat.com	http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1
secalert@redhat.com	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128
secalert@redhat.com	http://www.debian.org/security/2008/dsa-1532
secalert@redhat.com	http://www.debian.org/security/2008/dsa-1534
secalert@redhat.com	http://www.debian.org/security/2008/dsa-1535
secalert@redhat.com	http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2008:080
secalert@redhat.com	http://www.mozilla.org/security/announce/2008/mfsa2008-19.html
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2008-0207.html
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2008-0209.html
secalert@redhat.com	http://www.securityfocus.com/archive/1/490196/100/0/threaded
secalert@redhat.com	http://www.securityfocus.com/bid/28448
secalert@redhat.com	http://www.securitytracker.com/id?1019700
secalert@redhat.com	http://www.ubuntu.com/usn/usn-592-1
secalert@redhat.com	http://www.us-cert.gov/cas/techalerts/TA08-087A.html	US Government Resource
secalert@redhat.com	http://www.vupen.com/english/advisories/2008/0998/references
secalert@redhat.com	http://www.vupen.com/english/advisories/2008/1793/references
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/41454
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11163
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2008-0208.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29391
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29526
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29539
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29541
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29547
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29550
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29558
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29560
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29607
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29616
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29645
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30327
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30620
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1
af854a3a-2127-422b-91ae-364da2661108	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2008/dsa-1532
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2008/dsa-1534
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2008/dsa-1535
af854a3a-2127-422b-91ae-364da2661108	http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2008:080
af854a3a-2127-422b-91ae-364da2661108	http://www.mozilla.org/security/announce/2008/mfsa2008-19.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2008-0207.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2008-0209.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/490196/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/28448
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019700
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-592-1
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA08-087A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0998/references
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1793/references
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/41454
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11163

Impacted products

	Vendor	Product	Version
	mozilla	firefox	*
	mozilla	seamonkey	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D70186C3-B3C9-48A7-B282-37A9AB6F7726",
              "versionEndIncluding": "2.0.0.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DABC3E49-34F7-4748-B83F-6CF307230067",
              "versionEndIncluding": "1.1.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "GUI overlay vulnerability in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 allows remote attackers to spoof form elements and redirect user inputs via a borderless XUL pop-up window from a background tab."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad GUI overlay Mozilla Firefox versiones anteriores a 2.0.0.13 y SeaMonkey versiones anteriores a 1.1.9 permite a atacantes remotos falsificar los elementos form y redireccionar entradas de los usuarios a trav\u00e9s de una ventana emergente borderless XUL de un tab de fondo."
    }
  ],
  "id": "CVE-2008-1241",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-03-27T10:44:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2008-0208.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/29391"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/29526"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/29539"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/29541"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/29547"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/29550"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/29558"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/29560"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/29607"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/29616"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/29645"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/30327"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/30620"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2008/dsa-1532"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2008/dsa-1534"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2008/dsa-1535"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:080"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-19.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0207.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0209.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/490196/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/28448"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1019700"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/usn-592-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-087A.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2008/0998/references"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2008/1793/references"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41454"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11163"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2008-0208.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29391"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29526"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29539"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29541"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29547"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29550"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29558"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29560"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29607"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29616"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29645"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30327"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30620"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2008/dsa-1532"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2008/dsa-1534"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2008/dsa-1535"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:080"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-19.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0207.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0209.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/490196/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/28448"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019700"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-592-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-087A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0998/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1793/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41454"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11163"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-WWX7-QX3F-7G4R

Vulnerability from github – Published: 2022-05-01 23:38 – Updated: 2022-05-01 23:38

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-1241"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-03-27T10:44:00Z",
    "severity": "MODERATE"
  },
  "details": "GUI overlay vulnerability in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 allows remote attackers to spoof form elements and redirect user inputs via a borderless XUL pop-up window from a background tab.",
  "id": "GHSA-wwx7-qx3f-7g4r",
  "modified": "2022-05-01T23:38:04Z",
  "published": "2022-05-01T23:38:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1241"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41454"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11163"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2008-0208.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29391"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29526"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29539"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29541"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29547"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29550"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29558"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29560"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29607"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29616"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29645"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30327"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30620"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1"
    },
    {
      "type": "WEB",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2008/dsa-1532"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2008/dsa-1534"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2008/dsa-1535"
    },
    {
      "type": "WEB",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:080"
    },
    {
      "type": "WEB",
      "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-19.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0207.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0209.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/490196/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/28448"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1019700"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-592-1"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-087A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0998/references"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/1793/references"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2008-1241

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2008-1241

Aliases

CVE-2008-1241

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-1241",
    "description": "GUI overlay vulnerability in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 allows remote attackers to spoof form elements and redirect user inputs via a borderless XUL pop-up window from a background tab.",
    "id": "GSD-2008-1241",
    "references": [
      "https://www.suse.com/security/cve/CVE-2008-1241.html",
      "https://www.debian.org/security/2008/dsa-1535",
      "https://www.debian.org/security/2008/dsa-1534",
      "https://www.debian.org/security/2008/dsa-1532",
      "https://access.redhat.com/errata/RHSA-2008:0209",
      "https://access.redhat.com/errata/RHSA-2008:0208",
      "https://access.redhat.com/errata/RHSA-2008:0207",
      "https://linux.oracle.com/cve/CVE-2008-1241.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-1241"
      ],
      "details": "GUI overlay vulnerability in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 allows remote attackers to spoof form elements and redirect user inputs via a borderless XUL pop-up window from a background tab.",
      "id": "GSD-2008-1241",
      "modified": "2023-12-13T01:23:03.638830Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2008-1241",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "GUI overlay vulnerability in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 allows remote attackers to spoof form elements and redirect user inputs via a borderless XUL pop-up window from a background tab."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html",
            "refsource": "MISC",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html"
          },
          {
            "name": "http://rhn.redhat.com/errata/RHSA-2008-0208.html",
            "refsource": "MISC",
            "url": "http://rhn.redhat.com/errata/RHSA-2008-0208.html"
          },
          {
            "name": "http://secunia.com/advisories/29391",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/29391"
          },
          {
            "name": "http://secunia.com/advisories/29526",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/29526"
          },
          {
            "name": "http://secunia.com/advisories/29539",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/29539"
          },
          {
            "name": "http://secunia.com/advisories/29541",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/29541"
          },
          {
            "name": "http://secunia.com/advisories/29547",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/29547"
          },
          {
            "name": "http://secunia.com/advisories/29550",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/29550"
          },
          {
            "name": "http://secunia.com/advisories/29558",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/29558"
          },
          {
            "name": "http://secunia.com/advisories/29560",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/29560"
          },
          {
            "name": "http://secunia.com/advisories/29607",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/29607"
          },
          {
            "name": "http://secunia.com/advisories/29616",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/29616"
          },
          {
            "name": "http://secunia.com/advisories/29645",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/29645"
          },
          {
            "name": "http://secunia.com/advisories/30327",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/30327"
          },
          {
            "name": "http://secunia.com/advisories/30620",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/30620"
          },
          {
            "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1",
            "refsource": "MISC",
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1"
          },
          {
            "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128",
            "refsource": "MISC",
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128"
          },
          {
            "name": "http://www.debian.org/security/2008/dsa-1532",
            "refsource": "MISC",
            "url": "http://www.debian.org/security/2008/dsa-1532"
          },
          {
            "name": "http://www.debian.org/security/2008/dsa-1534",
            "refsource": "MISC",
            "url": "http://www.debian.org/security/2008/dsa-1534"
          },
          {
            "name": "http://www.debian.org/security/2008/dsa-1535",
            "refsource": "MISC",
            "url": "http://www.debian.org/security/2008/dsa-1535"
          },
          {
            "name": "http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml",
            "refsource": "MISC",
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml"
          },
          {
            "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:080",
            "refsource": "MISC",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:080"
          },
          {
            "name": "http://www.mozilla.org/security/announce/2008/mfsa2008-19.html",
            "refsource": "MISC",
            "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-19.html"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2008-0207.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0207.html"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2008-0209.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0209.html"
          },
          {
            "name": "http://www.securityfocus.com/archive/1/490196/100/0/threaded",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/archive/1/490196/100/0/threaded"
          },
          {
            "name": "http://www.securityfocus.com/bid/28448",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/28448"
          },
          {
            "name": "http://www.securitytracker.com/id?1019700",
            "refsource": "MISC",
            "url": "http://www.securitytracker.com/id?1019700"
          },
          {
            "name": "http://www.ubuntu.com/usn/usn-592-1",
            "refsource": "MISC",
            "url": "http://www.ubuntu.com/usn/usn-592-1"
          },
          {
            "name": "http://www.us-cert.gov/cas/techalerts/TA08-087A.html",
            "refsource": "MISC",
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-087A.html"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2008/0998/references",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2008/0998/references"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2008/1793/references",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2008/1793/references"
          },
          {
            "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41454",
            "refsource": "MISC",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41454"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11163",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11163"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.1.8",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.0.0.12",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2008-1241"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "GUI overlay vulnerability in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 allows remote attackers to spoof form elements and redirect user inputs via a borderless XUL pop-up window from a background tab."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-59"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.mozilla.org/security/announce/2008/mfsa2008-19.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-19.html"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128"
            },
            {
              "name": "DSA-1532",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2008/dsa-1532"
            },
            {
              "name": "RHSA-2008:0208",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2008-0208.html"
            },
            {
              "name": "29391",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/29391"
            },
            {
              "name": "29560",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/29560"
            },
            {
              "name": "DSA-1534",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2008/dsa-1534"
            },
            {
              "name": "DSA-1535",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2008/dsa-1535"
            },
            {
              "name": "MDVSA-2008:080",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:080"
            },
            {
              "name": "RHSA-2008:0207",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0207.html"
            },
            {
              "name": "USN-592-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/usn-592-1"
            },
            {
              "name": "TA08-087A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-087A.html"
            },
            {
              "name": "28448",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/28448"
            },
            {
              "name": "1019700",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1019700"
            },
            {
              "name": "29550",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/29550"
            },
            {
              "name": "29539",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/29539"
            },
            {
              "name": "29558",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/29558"
            },
            {
              "name": "29616",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/29616"
            },
            {
              "name": "29526",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/29526"
            },
            {
              "name": "29541",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/29541"
            },
            {
              "name": "29547",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/29547"
            },
            {
              "name": "RHSA-2008:0209",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0209.html"
            },
            {
              "name": "SUSE-SA:2008:019",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html"
            },
            {
              "name": "29645",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/29645"
            },
            {
              "name": "29607",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/29607"
            },
            {
              "name": "30327",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/30327"
            },
            {
              "name": "GLSA-200805-18",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml"
            },
            {
              "name": "30620",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/30620"
            },
            {
              "name": "238492",
              "refsource": "SUNALERT",
              "tags": [],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1"
            },
            {
              "name": "ADV-2008-0998",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/0998/references"
            },
            {
              "name": "ADV-2008-1793",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/1793/references"
            },
            {
              "name": "firefox-xul-popup-spoofing(41454)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41454"
            },
            {
              "name": "oval:org.mitre.oval:def:11163",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11163"
            },
            {
              "name": "20080327 rPSA-2008-0128-1 firefox",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/490196/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-11T20:31Z",
      "publishedDate": "2008-03-27T10:44Z"
    }
  }
}

CERTA-2008-AVI-160

Vulnerability from certfr_avis - Published: 2008-03-26 - Updated: 2008-03-27

Plusieurs vulnérabilités affectent le navigateur Firefox. Leur exploitation permet à un utilisateur malveillant de contourner la politique de sécurité et en particulier d'exécuter du code arbitraire à distance.

Description

Plusieurs vulnérabilités affectent le navigateur Firefox.

Une erreur dans la gestion du protocole jar permet à un utilisateur malveillant d'ouvrir des connexions vers des ports arbitraires de la machine vulnérable.

Une erreur de gestion de certificats permet de divulguer des informations sensibles à un serveur malveillant.

Des erreurs dans le moteur d'affichage et dans l'interpréteur de Javascript permettent de provoquer des corruptions de mémoire. Ces corruptions sont exploitables pour exécuter indûment du code à distance.

Diverses erreurs permettent de :

provoquer des injections de code indirectes (cross-site scripting) ;
contourner des protections contre les attaques de type cross-site request forgery ;
d'exécuter du code Javascript avec élévation de privilèges ;
tromper l'utilisateur pour capturer ses identifiants et mots de passe.

Solution

La version 2.0.0.13 remédie à ces vulnérabilités.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Firefox, version 2.0.0.12 et antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-1241 (GCVE-0-2008-1241)

FKIE_CVE-2008-1241

GHSA-WWX7-QX3F-7G4R

GSD-2008-1241

CERTA-2008-AVI-160

Description

Solution

Tags

Sightings

Nomenclature