Launchpad.net

CVE 2007-4879

Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, can automatically install TLS client certificates with minimal user interaction, and automatically sends these certificates when requested, which makes it easier for remote web sites to track user activities across domains by requesting the TLS client certificates from other domains.

Related bugs and status

CVE-2007-4879 (Candidate) is related to these bugs:

Bug #210155: various outstanding security updates in mozilla universe packages (as of 1.8.1.13)

		In	Importance	Status
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	xulrunner (Ubuntu)	High	Fix Released
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	seamonkey (Ubuntu)	High	Fix Released
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	iceape (Ubuntu)	Undecided	Invalid
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	iceape (Ubuntu Edgy)	Undecided	Invalid
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	seamonkey (Ubuntu Edgy)	Undecided	Invalid
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	xulrunner (Ubuntu Edgy)	High	Won't Fix
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	iceape (Ubuntu Feisty)	Undecided	Invalid
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	seamonkey (Ubuntu Feisty)	Undecided	Invalid
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	xulrunner (Ubuntu Feisty)	High	Won't Fix
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	iceape (Ubuntu Gutsy)	High	Invalid
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	seamonkey (Ubuntu Gutsy)	Undecided	Invalid
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	xulrunner (Ubuntu Gutsy)	High	Won't Fix
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	iceape (Ubuntu Hardy)	Undecided	Invalid
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	seamonkey (Ubuntu Hardy)	High	Fix Released
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	xulrunner (Ubuntu Hardy)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://0x90.eu/ff_tls_...
CONFIRM: https://bugzilla.mozil...
CONFIRM: http://www.mozilla.org...
CONFIRM: http://wiki.rpath.com/...
DEBIAN: DSA-1532
SECTRACK: 1019704
SECUNIA: 29560
DEBIAN: DSA-1534
MANDRIVA: MDVSA-2008:080
SECUNIA: 29539
SECUNIA: 29558
DEBIAN: DSA-1535
UBUNTU: USN-592-1
CERT: TA08-087A
BID: 28448
SECUNIA: 29616
SECUNIA: 29526
SECUNIA: 29541
SECUNIA: 29547
SUSE: SUSE-SA:2008:019
SECUNIA: 29645
SECUNIA: 30327
GENTOO: GLSA-200805-18
SUNALERT: 238492
SECUNIA: 30620
VUPEN: ADV-2008-0998
VUPEN: ADV-2008-1793
BUGTRAQ: 20080327 rPSA-2008-012...