Launchpad.net

CVE 2008-1240

LiveConnect in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 does not properly parse the content origin for jar: URIs before sending them to the Java plugin, which allows remote attackers to access arbitrary ports on the local machine. NOTE: this is closely related to CVE-2008-1195.

Related bugs and status

CVE-2008-1240 (Candidate) is related to these bugs:

Bug #210155: various outstanding security updates in mozilla universe packages (as of 1.8.1.13)

		In	Importance	Status
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	xulrunner (Ubuntu)	High	Fix Released
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	seamonkey (Ubuntu)	High	Fix Released
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	iceape (Ubuntu)	Undecided	Invalid
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	iceape (Ubuntu Edgy)	Undecided	Invalid
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	seamonkey (Ubuntu Edgy)	Undecided	Invalid
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	xulrunner (Ubuntu Edgy)	High	Won't Fix
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	iceape (Ubuntu Feisty)	Undecided	Invalid
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	seamonkey (Ubuntu Feisty)	Undecided	Invalid
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	xulrunner (Ubuntu Feisty)	High	Won't Fix
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	iceape (Ubuntu Gutsy)	High	Invalid
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	seamonkey (Ubuntu Gutsy)	Undecided	Invalid
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	xulrunner (Ubuntu Gutsy)	High	Won't Fix
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	iceape (Ubuntu Hardy)	Undecided	Invalid
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	seamonkey (Ubuntu Hardy)	High	Fix Released
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	xulrunner (Ubuntu Hardy)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.mozilla.org...
CONFIRM: http://wiki.rpath.com/...
DEBIAN: DSA-1532
SECUNIA: 29560
DEBIAN: DSA-1534
MANDRIVA: MDVSA-2008:080
SECUNIA: 29539
SECUNIA: 29558
DEBIAN: DSA-1535
UBUNTU: USN-592-1
CERT: TA08-087A
BID: 28448
SECUNIA: 29616
SECUNIA: 29526
SECUNIA: 29541
SECUNIA: 29547
SUSE: SUSE-SA:2008:019
SECUNIA: 29645
SECUNIA: 30327
GENTOO: GLSA-200805-18
SUNALERT: 238492
SECUNIA: 30620
VUPEN: ADV-2008-0998
VUPEN: ADV-2008-1793
XF: mozilla-liveconnect-un...
BUGTRAQ: 20080327 rPSA-2008-012...