Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 255687 (CVE-2008-5913) - <www-client/mozilla-firefox{,-bin}-3.6.4 "in-session phising attack" (CVE-2008-5913)
Summary: <www-client/mozilla-firefox{,-bin}-3.6.4 "in-session phising attack" (CVE-200...
Status: RESOLVED FIXED
Alias: CVE-2008-5913
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
URL: http://www.trusteer.com/files/In-sess...
Whiteboard: B4 [glsa]
Keywords:
Depends on: 324735
Blocks:
  Show dependency tree
 
Reported: 2009-01-20 19:41 UTC by Stefan Behte (RETIRED)
Modified: 2013-01-08 01:02 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Behte (RETIRED) gentoo-dev Security 2009-01-20 19:41:53 UTC
CVE-2008-5913 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5913):
  An unspecified function in the JavaScript implementation in Mozilla
  Firefox creates and exposes a "temporary footprint" when there is a
  current login to a web site, which makes it easier for remote
  attackers to trick a user into acting upon a spoofed pop-up message,
  aka an "in-session phishing attack." NOTE: as of 20090116, the only
  disclosure is a vague pre-advisory with no actionable information.
  However, because it is from a well-known researcher, it is being
  assigned a CVE identifier for tracking purposes.
Comment 1 Nirbheek Chauhan (RETIRED) gentoo-dev 2010-09-16 13:17:43 UTC
Nothing for mozilla team to do here.
Comment 2 Sean Amoss (RETIRED) gentoo-dev Security 2012-02-09 17:53:00 UTC
Fixed with the stabilization of www-client/mozilla-firefox{,-bin}-3.6.4 in bug 324735 (with an additional variant of the vulnerability identified as CVE-2010-3171). Added to existing GLSA request.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2013-01-08 01:02:57 UTC
This issue was resolved and addressed in
 GLSA 201301-01 at http://security.gentoo.org/glsa/glsa-201301-01.xml
by GLSA coordinator Sean Amoss (ackle).