
Mozilla/Firefox/T-Bird Downloaded File Content Vulnerability-LINUX BUILDS

Discussion in 'Firefox, Thunderbird & SeaMonkey' started by Ramona, 2004/10/25.

Thread Status:
Not open for further replies.
  1. 2004/10/25
    Ramona

    Ramona Geek Member Alumni Thread Starter

    Joined:
    2001/12/31
    Messages:
    7,481
    Likes Received:
    2
    From Secunia Advisories

    TITLE:
    Mozilla / Firefox / Thunderbird Downloaded File Content Disclosure
    Vulnerability

    SECUNIA ADVISORY ID:
    SA12956

    VERIFY ADVISORY:
    http://secunia.com/advisories/12956/

    CRITICAL:
    Less critical

    IMPACT:
    Exposure of sensitive information

    WHERE:
    Local system

    SOFTWARE:
    Mozilla Thunderbird 0.x
    http://secunia.com/product/2637/
    Mozilla 1.7.x
    http://secunia.com/product/3691/
    Mozilla Firefox 0.x
    http://secunia.com/product/3256/

    DESCRIPTION:
    Martin has reported a vulnerability in Mozilla, Firefox, and
    Thunderbird, which can be exploited by malicious, local users to gain
    knowledge of sensitive information.

    The vulnerability is caused due to improper permissions on downloaded
    files opened in external applications. This can be exploited to read
    other users' files, which are currently opened through the download
    dialog box in external applications.

    The vulnerability reportedly affects the following Linux builds:
    * Mozilla 1.7 through 1.7.3.
    * Firefox 0.9 through 1.0PR.
    * Thunderbird 0.6 through 0.8.

    SOLUTION:
    Fixes are available in the CVS repository.

    PROVIDED AND/OR DISCOVERED BY:
    Martin

    ORIGINAL ADVISORY:
    http://broadcast.ptraced.net/advisories/008-firefox.thunderbird.txt

    OTHER REFERENCES:
    Bugzilla reference:
    https://bugzilla.mozilla.org/show_bug.cgi?id=251297

    (Last two, and most current comments)

    Additional Comment #18 From Daniel Veditz 2004-10-25 00:23 PDT

    Fixed on trunk
    ___

    Additional Comment #19 From Daniel Veditz 2004-10-25 03:57 PDT

    Posted on public security lists, removing confidential flag.

    ___
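
An added illustration of the permission problem the advisory above describes (not part of the original post, the Secunia advisory, or Mozilla's code): a download temp file created readable by other local accounts, next to an owner-only version, plus a check that lists exposed files. The 0644 mode, the file names and all function names are assumptions; the advisory does not state the exact mode used.

```python
import os
import stat
import tempfile

# Permission bits that let accounts other than the owner read a file.
OTHERS_READ = stat.S_IRGRP | stat.S_IROTH


def save_download_weak(directory, name, data):
    """Constructed 'before' case: temp file ends up mode 0644 (assumed mode)."""
    path = os.path.join(directory, name)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o644)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    os.chmod(path, 0o644)  # pin the mode so the demo does not depend on umask
    return path


def save_download_private(directory, name, data):
    """Hardened form: owner-only from the moment the file exists."""
    path = os.path.join(directory, name)
    # O_EXCL refuses an existing file or symlink; 0600 is applied at creation,
    # so there is no window in which another local user can open the file.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


def exposed_files(directory):
    """Names of regular files in `directory` readable by group or other."""
    hits = []
    for entry in os.scandir(directory):
        st = entry.stat(follow_symlinks=False)
        if stat.S_ISREG(st.st_mode) and st.st_mode & OTHERS_READ:
            hits.append(entry.name)
    return sorted(hits)


def demo():
    """Write one file each way (constructed sample data) and audit the directory."""
    with tempfile.TemporaryDirectory() as d:
        save_download_weak(d, "statement.pdf", b"constructed sample data")
        save_download_private(d, "payslip.pdf", b"constructed sample data")
        return exposed_files(d)


if __name__ == "__main__":
    print(demo())
```

`exposed_files` can be pointed at whatever directory a helper application's temporary downloads land in; any name it returns is readable by other local accounts that can reach that directory.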
     
  2. 2004/10/26
    Bmoore1129

    Bmoore1129 Geek Member

    Joined:
    2002/06/11
    Messages:
    1,675
    Likes Received:
    3
    Ramona

    Should this be in the sticky title?

     


  4. 2004/10/26
    Jeane

    Jeane Inactive

    Joined:
    2004/05/07
    Messages:
    148
    Likes Received:
    0
    Could someone please expand a little bit on what this vulnerability is and where to get the fix for this? I have a hard time following the terminology at times.

    Thanks,

    Jeane
     
  5. 2004/10/26
    Ramona

    Ramona Geek Member Alumni Thread Starter

    Joined:
    2001/12/31
    Messages:
    7,481
    Likes Received:
    2
    Bill,

    Done!


    Ramona
     
  6. 2004/10/26
    Ramona

    Ramona Geek Member Alumni Thread Starter

    Joined:
    2001/12/31
    Messages:
    7,481
    Likes Received:
    2
    Peggy,

    There is no fix available just yet. Mozilla is very good about getting either an updated version or a patch for the security vulnerabilities. I haven't checked yet, but a patch has already been added to the trunk, and it may be in today's nightly builds. You're a Windows user, and this affects Linux, so no worry for you.

    Ramona
     