modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 does not properly perform certain calculations related to the mColors table, which allows remote attackers to read portions of memory uninitialized via a crafted 8-bit bitmap (BMP) file that triggers an out-of-bounds read within the heap, as demonstrated using a CANVAS element; or cause a denial of service (application crash) via a crafted 8-bit bitmap file that triggers an out-of-bounds read. NOTE: the initial public reports stated that this affected Firefox in Ubuntu 6.06 through 7.10.

From Red Hat Security Advisory 2008:0105 :

Updated thunderbird packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

[Updated 27th February 2008] The erratum text has been updated to include the details of additional issues that were fixed by these erratum packages, but which were not public at the time of release. No changes have been made to the packages.

Mozilla Thunderbird is a standalone mail and newsgroup client.

A heap-based buffer overflow flaw was found in the way Thunderbird processed messages with external-body Multipurpose Internet Message Extensions (MIME) types. A HTML mail message containing malicious content could cause Thunderbird to execute arbitrary code as the user running Thunderbird. (CVE-2008-0304)

Several flaws were found in the way Thunderbird processed certain malformed HTML mail content. A HTML mail message containing malicious content could cause Thunderbird to crash, or potentially execute arbitrary code as the user running Thunderbird. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)

Several flaws were found in the way Thunderbird displayed malformed HTML mail content. A HTML mail message containing specially crafted content could trick a user into surrendering sensitive information.
(CVE-2008-0420, CVE-2008-0591, CVE-2008-0593)

A flaw was found in the way Thunderbird handles certain chrome URLs.
If a user has certain extensions installed, it could allow a malicious HTML mail message to steal sensitive session data. Note: this flaw does not affect a default installation of Thunderbird. (CVE-2008-0418)

Note: JavaScript support is disabled by default in Thunderbird; the above issues are not exploitable unless JavaScript is enabled.

A flaw was found in the way Thunderbird saves certain text files. If a remote site offers a file of type 'plain/text', rather than 'text/plain', Thunderbird will not show future 'text/plain' content to the user, forcing them to save those files locally to view the content. (CVE-2008-0592)

Users of thunderbird are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

From Red Hat Security Advisory 2008:0104 :

Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.

Several flaws were found in the way SeaMonkey processed certain malformed web content. A webpage containing malicious content could cause SeaMonkey to crash, or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)

Several flaws were found in the way SeaMonkey displayed malformed web content. A webpage containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)

A flaw was found in the way SeaMonkey stored password data. If a user saves login information for a malicious website, it could be possible to corrupt the password database, preventing the user from properly accessing saved password data. (CVE-2008-0417)

A flaw was found in the way SeaMonkey handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious website to steal sensitive session data. Note: this flaw does not affect a default installation of SeaMonkey. (CVE-2008-0418)

A flaw was found in the way SeaMonkey saves certain text files. If a website offers a file of type 'plain/text', rather than 'text/plain', SeaMonkey will not show future 'text/plain' content to the user in the browser, forcing them to save those files locally to view the content.
(CVE-2008-0592)

Users of SeaMonkey are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

From Red Hat Security Advisory 2008:0103 :

Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

Mozilla Firefox is an open source Web browser.

Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)

Several flaws were found in the way Firefox displayed malformed web content. A webpage containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)

A flaw was found in the way Firefox stored password data. If a user saves login information for a malicious website, it could be possible to corrupt the password database, preventing the user from properly accessing saved password data. (CVE-2008-0417)

A flaw was found in the way Firefox handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious website to steal sensitive session data. Note: this flaw does not affect a default installation of Firefox. (CVE-2008-0418)

A flaw was found in the way Firefox saves certain text files. If a website offers a file of type 'plain/text', rather than 'text/plain', Firefox will not show future 'text/plain' content to the user in the browser, forcing them to save those files locally to view the content.
(CVE-2008-0592)

Users of firefox are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

USN-582-1 fixed several vulnerabilities in Thunderbird. The upstream fixes were incomplete, and after performing certain actions Thunderbird would crash due to memory errors. This update fixes the problem.

We apologize for the inconvenience.

It was discovered that Thunderbird did not properly set the size of a buffer when parsing an external-body MIME-type. If a user were to open a specially crafted email, an attacker could cause a denial of service via application crash or possibly execute arbitrary code as the user.
(CVE-2008-0304)

Various flaws were discovered in Thunderbird and its JavaScript engine. By tricking a user into opening a malicious message, an attacker could execute arbitrary code with the user's privileges. (CVE-2008-0412, CVE-2008-0413)

Various flaws were discovered in the JavaScript engine. By tricking a user into opening a malicious message, an attacker could escalate privileges within Thunderbird, perform cross-site scripting attacks and/or execute arbitrary code with the user's privileges. (CVE-2008-0415)

Gerry Eisenhaur discovered that the chrome URI scheme did not properly guard against directory traversal. Under certain circumstances, an attacker may be able to load files or steal session data. Ubuntu is not vulnerable in the default installation. (CVE-2008-0418)

Flaws were discovered in the BMP decoder. By tricking a user into opening a specially crafted BMP file, an attacker could obtain sensitive information. (CVE-2008-0420).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.12.

This update provides the latest Firefox to correct these issues.

The remote host is affected by the vulnerability described in GLSA-200805-18 (Mozilla products: Multiple vulnerabilities)

    The following vulnerabilities were reported in all mentioned Mozilla     products:
    Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren, and Paul     Nickerson reported browser crashes related to JavaScript methods,     possibly triggering memory corruption (CVE-2008-0412).
    Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown,     Philip Taylor, and tgirmann reported crashes in the JavaScript engine,     possibly triggering memory corruption (CVE-2008-0413).
    David Bloom discovered a vulnerability in the way images are treated by     the browser when a user leaves a page, possibly triggering memory     corruption (CVE-2008-0419).
    moz_bug_r_a4, Boris Zbarsky, and Johnny Stenback reported a series of     privilege escalation vulnerabilities related to JavaScript     (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235).
    Mozilla developers identified browser crashes caused by the layout and     JavaScript engines, possibly triggering memory corruption     (CVE-2008-1236, CVE-2008-1237).
    moz_bug_r_a4 and Boris Zbarsky discovered that pages could escape from     its sandboxed context and run with chrome privileges, and inject script     content into another site, violating the browser's same origin policy     (CVE-2008-0415).
    Gerry Eisenhaur discovered a directory traversal vulnerability when     using 'flat' addons (CVE-2008-0418).
    Alexey Proskuryakov, Yosuke Hasegawa and Simon Montagu reported     multiple character handling flaws related to the backspace character,     the '0x80' character, involving zero-length non-ASCII sequences in     multiple character sets, that could facilitate Cross-Site Scripting     attacks (CVE-2008-0416).
    The following vulnerability was reported in Thunderbird and SeaMonkey:
    regenrecht (via iDefense) reported a heap-based buffer overflow when     rendering an email message with an external MIME body (CVE-2008-0304).
    The following vulnerabilities were reported in Firefox, SeaMonkey and     XULRunner:
    The fix for CVE-2008-1237 in Firefox 2.0.0.13     and SeaMonkey 1.1.9 introduced a new crash vulnerability     (CVE-2008-1380).
    hong and Gregory Fleischer each reported a     variant on earlier reported bugs regarding focus shifting in file input     controls (CVE-2008-0414).
    Gynvael Coldwind (Vexillium) discovered that BMP images could be used     to reveal uninitialized memory, and that this data could be extracted     using a 'canvas' feature (CVE-2008-0420).
    Chris Thomas reported that background tabs could create a borderless     XUL pop-up in front of pages in other tabs (CVE-2008-1241).
    oo.rio.oo discovered that a plain text file with a     'Content-Disposition: attachment' prevents Firefox from rendering     future plain text files within the browser (CVE-2008-0592).
    Martin Straka reported that the '.href' property of stylesheet DOM     nodes is modified to the final URI of a 302 redirect, bypassing the     same origin policy (CVE-2008-0593).
    Gregory Fleischer discovered that under certain circumstances, leading     characters from the hostname part of the 'Referer:' HTTP header are     removed (CVE-2008-1238).
    Peter Brodersen and Alexander Klink reported that the browser     automatically selected and sent a client certificate when SSL Client     Authentication is requested by a server (CVE-2007-4879).
    Gregory Fleischer reported that web content fetched via the 'jar:'     protocol was not subject to network access restrictions     (CVE-2008-1240).
    The following vulnerabilities were reported in Firefox:
    Justin Dolske discovered a CRLF injection vulnerability when storing     passwords (CVE-2008-0417).
    Michal Zalewski discovered that Firefox does not properly manage a     delay timer used in confirmation dialogs (CVE-2008-0591).
    Emil Ljungdahl and Lars-Olof Moilanen discovered that a web forgery     warning dialog is not displayed if the entire contents of a web page     are in a DIV tag that uses absolute positioning (CVE-2008-0594).
  Impact :

    A remote attacker could entice a user to view a specially crafted web     page or email that will trigger one of the vulnerabilities, possibly     leading to the execution of arbitrary code or a Denial of Service. It     is also possible for an attacker to trick a user to upload arbitrary     files when submitting a form, to corrupt saved passwords for other     sites, to steal login credentials, or to conduct Cross-Site Scripting     and Cross-Site Request Forgery attacks.
  Workaround :

    There is no known workaround at this time.

It was discovered that Thunderbird did not properly set the size of a buffer when parsing an external-body MIME-type. If a user were to open a specially crafted email, an attacker could cause a denial of service via application crash or possibly execute arbitrary code as the user.
(CVE-2008-0304)

Various flaws were discovered in Thunderbird and its JavaScript engine. By tricking a user into opening a malicious message, an attacker could execute arbitrary code with the user's privileges.
(CVE-2008-0412, CVE-2008-0413)

Various flaws were discovered in the JavaScript engine. By tricking a user into opening a malicious message, an attacker could escalate privileges within Thunderbird, perform cross-site scripting attacks and/or execute arbitrary code with the user's privileges.
(CVE-2008-0415)

Gerry Eisenhaur discovered that the chrome URI scheme did not properly guard against directory traversal. Under certain circumstances, an attacker may be able to load files or steal session data. Ubuntu is not vulnerable in the default installation. (CVE-2008-0418)

Flaws were discovered in the BMP decoder. By tricking a user into opening a specially crafted BMP file, an attacker could obtain sensitive information. (CVE-2008-0420).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way Thunderbird processed certain malformed HTML mail content. A HTML mail message containing malicious content could cause Thunderbird to crash, or potentially execute arbitrary code as the user running Thunderbird. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419) Several flaws were found in the way Thunderbird displayed malformed HTML mail content. A HTML mail message containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593) A flaw was found in the way Thunderbird handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious HTML mail message to steal sensitive session data. Note: this flaw does not affect a default installation of Thunderbird. (CVE-2008-0418) Note: JavaScript support is disabled by default in Thunderbird; the above issues are not exploitable unless JavaScript is enabled. A flaw was found in the way Thunderbird saves certain text files. If a remote site offers a file of type 'plain/text', rather than 'text/plain', Thunderbird will not show future 'text/plain' content to the user, forcing them to save those files locally to view the content.
(CVE-2008-0592) Users of thunderbird are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The Mozilla Foundation reports of multiple security issues in Firefox, SeaMonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program.

- Web forgery overwrite with div overlay

- URL token stealing via stylesheet redirect

- Mishandling of locally-saved plain text files

- File action dialog tampering

- Possible information disclosure in BMP decoder

- Web browsing history and forward navigation stealing

- Directory traversal via chrome: URI

- Stored password corruption

- Privilege escalation, XSS, Remote Code Execution

- Multiple file input focus stealing vulnerabilities

- Crashes with evidence of memory corruption (rv:1.8.1.12)

The installed version of Netscape is affected by various security issues :

  - Several stability bugs leading to crashes which, in     some cases, show traces of memory corruption.

  - Several file input focus stealing vulnerabilities     that could result in uploading of arbitrary files     provided their full path and file names are known.

  - Several issues that allow scripts from page content     to escape from their sandboxed context and/or run     with chrome privileges, resulting in privilege     escalation, XSS, and/or remote code execution.

  - An issue that could allow a malicious site to inject     newlines into the application's password store when     a user saves a password, resulting in corruption of     saved passwords for other sites.  

  - A directory traversal vulnerability via the     'chrome:' URI.

  - A vulnerability involving 'designMode' frames that     may result in web browsing history and forward     navigation stealing.

  - An information disclosure issue in the BMP     decoder.

  - A file action dialog tampering vulnerability     involving timer-enabled security dialogs.

  - Mis-handling of locally-saved plaintext files.

  - Possible disclosure of sensitive URL parameters,     such as session tokens, via the .href property of     stylesheet DOM nodes reflecting the final URI of     the stylesheet after following any 302 redirects.

  - A failure to display a web forgery warning dialog     in cases where the entire contents of a page are     enclosed in a '<div>' with absolute positioning.

Various flaws were discovered in the browser and JavaScript engine. By tricking a user into opening a malicious web page, an attacker could execute arbitrary code with the user's privileges. (CVE-2008-0412, CVE-2008-0413)

Flaws were discovered in the file upload form control. A malicious website could force arbitrary files from the user's computer to be uploaded without consent. (CVE-2008-0414)

Various flaws were discovered in the JavaScript engine. By tricking a user into opening a malicious web page, an attacker could escalate privileges within the browser, perform cross-site scripting attacks and/or execute arbitrary code with the user's privileges.
(CVE-2008-0415)

Various flaws were discovered in character encoding handling. If a user were ticked into opening a malicious web page, an attacker could perform cross-site scripting attacks. (CVE-2008-0416)

Justin Dolske discovered a flaw in the password saving mechanism. By tricking a user into opening a malicious web page, an attacker could corrupt the user's stored passwords. (CVE-2008-0417)

Gerry Eisenhaur discovered that the chrome URI scheme did not properly guard against directory traversal. Under certain circumstances, an attacker may be able to load files or steal session data. Ubuntu is not vulnerable in the default installation. (CVE-2008-0418)

David Bloom discovered flaws in the way images are treated by the browser. A malicious website could exploit this to steal the user's history information, crash the browser and/or possibly execute arbitrary code with the user's privileges. (CVE-2008-0419)

Flaws were discovered in the BMP decoder. By tricking a user into opening a specially crafted BMP file, an attacker could obtain sensitive information. (CVE-2008-0420)

Michal Zalewski discovered flaws with timer-enabled security dialogs.
A malicious website could force the user to confirm a security dialog without explicit consent. (CVE-2008-0591)

It was discovered that Firefox mishandled locally saved plain text files. By tricking a user into saving a specially crafted text file, an attacker could prevent the browser from displaying local files with a .txt extension. (CVE-2008-0592)

Martin Straka discovered flaws in stylesheet handling after a 302 redirect. By tricking a user into opening a malicious web page, an attacker could obtain sensitive URL parameters. (CVE-2008-0593)

Emil Ljungdahl and Lars-Olof Moilanen discovered that a web forgery warning dialog wasn't displayed under certain circumstances. A malicious website could exploit this to conduct phishing attacks against the user. (CVE-2008-0594).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Updated thunderbird packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

[Updated 27th February 2008] The erratum text has been updated to include the details of additional issues that were fixed by these erratum packages, but which were not public at the time of release. No changes have been made to the packages.

Mozilla Thunderbird is a standalone mail and newsgroup client.

A heap-based buffer overflow flaw was found in the way Thunderbird processed messages with external-body Multipurpose Internet Message Extensions (MIME) types. A HTML mail message containing malicious content could cause Thunderbird to execute arbitrary code as the user running Thunderbird. (CVE-2008-0304)

Several flaws were found in the way Thunderbird processed certain malformed HTML mail content. A HTML mail message containing malicious content could cause Thunderbird to crash, or potentially execute arbitrary code as the user running Thunderbird. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)

Several flaws were found in the way Thunderbird displayed malformed HTML mail content. A HTML mail message containing specially crafted content could trick a user into surrendering sensitive information.
(CVE-2008-0420, CVE-2008-0591, CVE-2008-0593)

A flaw was found in the way Thunderbird handles certain chrome URLs.
If a user has certain extensions installed, it could allow a malicious HTML mail message to steal sensitive session data. Note: this flaw does not affect a default installation of Thunderbird. (CVE-2008-0418)

Note: JavaScript support is disabled by default in Thunderbird; the above issues are not exploitable unless JavaScript is enabled.

A flaw was found in the way Thunderbird saves certain text files. If a remote site offers a file of type 'plain/text', rather than 'text/plain', Thunderbird will not show future 'text/plain' content to the user, forcing them to save those files locally to view the content. (CVE-2008-0592)

Users of thunderbird are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.

Several flaws were found in the way SeaMonkey processed certain malformed web content. A webpage containing malicious content could cause SeaMonkey to crash, or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)

Several flaws were found in the way SeaMonkey displayed malformed web content. A webpage containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)

A flaw was found in the way SeaMonkey stored password data. If a user saves login information for a malicious website, it could be possible to corrupt the password database, preventing the user from properly accessing saved password data. (CVE-2008-0417)

A flaw was found in the way SeaMonkey handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious website to steal sensitive session data. Note: this flaw does not affect a default installation of SeaMonkey. (CVE-2008-0418)

A flaw was found in the way SeaMonkey saves certain text files. If a website offers a file of type 'plain/text', rather than 'text/plain', SeaMonkey will not show future 'text/plain' content to the user in the browser, forcing them to save those files locally to view the content.
(CVE-2008-0592)

Users of SeaMonkey are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

Mozilla Firefox is an open source Web browser.

Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)

Several flaws were found in the way Firefox displayed malformed web content. A webpage containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)

A flaw was found in the way Firefox stored password data. If a user saves login information for a malicious website, it could be possible to corrupt the password database, preventing the user from properly accessing saved password data. (CVE-2008-0417)

A flaw was found in the way Firefox handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious website to steal sensitive session data. Note: this flaw does not affect a default installation of Firefox. (CVE-2008-0418)

A flaw was found in the way Firefox saves certain text files. If a website offers a file of type 'plain/text', rather than 'text/plain', Firefox will not show future 'text/plain' content to the user in the browser, forcing them to save those files locally to view the content.
(CVE-2008-0592)

Users of firefox are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

The installed version of SeaMonkey is affected by various security issues :

  - Several stability bugs leading to crashes which, in     some cases, show traces of memory corruption

  - Several file input focus stealing vulnerabilities     that could result in uploading of arbitrary files     provided their full path and file names are known.

  - Several issues that allow scripts from page content     to escape from their sandboxed context and/or run     with chrome privileges, resulting in privilege     escalation, XSS, and/or remote code execution.

  - A directory traversal vulnerability via the     'chrome:' URI.

  - A vulnerability involving 'designMode' frames that     may result in web browsing history and forward     navigation stealing.

  - An information disclosure issue in the BMP     decoder.

  - Mis-handling of locally-saved plaintext files.

  - Possible disclosure of sensitive URL parameters,     such as session tokens, via the .href property of     stylesheet DOM nodes reflecting the final URI of     the stylesheet after following any 302 redirects.

  - A heap-based buffer overflow that can be triggered     when viewing an email with an external MIME     body.

  - Multiple cross-site scripting vulnerabilities     related to character encoding.

The installed version of Firefox is affected by various security issues :

  - Several stability bugs leading to crashes which, in     some cases, show traces of memory corruption

  - Several file input focus stealing vulnerabilities     that could result in uploading of arbitrary files     provided their full path and file names are known.

  - Several issues that allow scripts from page content     to escape from their sandboxed context and/or run     with chrome privileges, resulting in privilege     escalation, XSS, and/or remote code execution.

  - An issue that could allow a malicious site to inject     newlines into the application's password store when     a user saves his password, resulting in corruption     of saved passwords for other sites.  

  - A directory traversal vulnerability via the     'chrome:' URI.

  - A vulnerability involving 'designMode' frames that     may result in web browsing history and forward     navigation stealing.

  - An information disclosure issue in the BMP     decoder.

  - A file action dialog tampering vulnerability     involving timer-enabled security dialogs.

  - Mis-handling of locally-saved plaintext files.

  - Possible disclosure of sensitive URL parameters,     such as session tokens, via the .href property of     stylesheet DOM nodes reflecting the final URI of     the stylesheet after following any 302 redirects.

  - A failure to display a web forgery warning     dialog in cases where the entire contents of a page     are enclosed in a '<div>' with absolute positioning.

  - Multiple cross-site scripting vulnerabilities     related to character encoding.

ID	Name	Product	Family	Severity
67649	Oracle Linux 4 : thunderbird (ELSA-2008-0105)	Nessus	Oracle Linux Local Security Checks	high
67648	Oracle Linux 3 / 4 : seamonkey (ELSA-2008-0104)	Nessus	Oracle Linux Local Security Checks	high
67647	Oracle Linux 4 / 5 : firefox (ELSA-2008-0103)	Nessus	Oracle Linux Local Security Checks	high
65107	Ubuntu 6.06 LTS / 6.10 / 7.04 : mozilla-thunderbird (USN-582-2)	Nessus	Ubuntu Local Security Checks	high
37189	Mandriva Linux Security Advisory : mozilla-firefox (MDVSA-2008:048)	Nessus	Mandriva Local Security Checks	high
32416	GLSA-200805-18 : Mozilla products: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
31341	Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : mozilla-thunderbird, thunderbird vulnerabilities (USN-582-1)	Nessus	Ubuntu Local Security Checks	high
31318	Fedora 7 : thunderbird-2.0.0.12-1.fc7 (2008-2118)	Nessus	Fedora Local Security Checks	high
31314	Fedora 8 : thunderbird-2.0.0.12-1.fc8 (2008-2060)	Nessus	Fedora Local Security Checks	high
31155	FreeBSD : mozilla -- multiple vulnerabilities (810a5197-e0d9-11dc-891a-02061b08fc24)	Nessus	FreeBSD Local Security Checks	high
31135	Netscape Browser < 9.0.0.6 Multiple Vulnerabilities	Nessus	Windows	high
30252	Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : firefox vulnerabilities (USN-576-1)	Nessus	Ubuntu Local Security Checks	high
30247	RHEL 4 / 5 : thunderbird (RHSA-2008:0105)	Nessus	Red Hat Local Security Checks	high
30246	RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2008:0104)	Nessus	Red Hat Local Security Checks	high
30245	RHEL 4 / 5 : firefox (RHSA-2008:0103)	Nessus	Red Hat Local Security Checks	high
30222	CentOS 4 / 5 : thunderbird (CESA-2008:0105)	Nessus	CentOS Local Security Checks	high
30221	CentOS 3 / 4 : seamonkey (CESA-2008:0104)	Nessus	CentOS Local Security Checks	high
30220	CentOS 4 / 5 : firefox (CESA-2008:0103)	Nessus	CentOS Local Security Checks	high
30210	SeaMonkey < 1.1.8 Multiple Vulnerabilities	Nessus	Windows	high
30209	Firefox < 2.0.0.12 Multiple Vulnerabilities	Nessus	Windows	high

Detections

Analytics

CVE-2008-0420

high

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high