Bug 83696

Summary: Mozilla / Firefox / Thunderbird Multiple Vulnerabilities
Product: Gentoo Security
Reporter: Robert Muchacki (RETIRED) <muchar>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE
Severity: normal
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://secunia.com/advisories/14407/
Whiteboard:
Package list:
Runtime testing required: ---

Description Robert Muchacki (RETIRED) gentoo-dev 2005-03-01 09:07:54 UTC
Description:
Details have been released about several vulnerabilities in Firefox, Mozilla and Thunderbird. These can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges and by malicious people to conduct spoofing attacks, disclose and manipulate sensitive information, and potentially compromise a user's system.

1) The vulnerability is caused due to the temporary plugin directory being created insecurely. This can be exploited via symlink attacks to delete arbitrary directories with the privileges of the user running Mozilla or Firefox.

2) The problem is that an inactive tab can launch an HTTP authentication prompt, which appears to be displayed by a website in another tab. This may be exploited to trick a user into entering some sensitive information (e.g. user credentials).


Reproducible: Always
Steps to Reproduce:
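For item 1 above, a hardened pattern for creating and cleaning up a temporary directory, as an added example (not Mozilla's code or its actual fix): the directory is created with mkdtemp(), and cleanup walks it through directory file descriptors so a symlink is never followed. The function names, the /tmp template and the directory layout are constructed for illustration.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Recursively delete directory `name` (relative to parentfd). A symlink in its place
 * fails O_NOFOLLOW; symlinks inside are unlinked as links, targets stay untouched. */
int remove_tree_at(int parentfd, const char *name) {
    int fd = openat(parentfd, name, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (fd < 0) return -1;
    DIR *d = fdopendir(fd);
    if (!d) { close(fd); return -1; }
    struct dirent *e; struct stat st; int rc = 0;
    while (rc == 0 && (e = readdir(d)) != NULL) {
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, "..")) continue;
        if (fstatat(fd, e->d_name, &st, AT_SYMLINK_NOFOLLOW) != 0) rc = -1;
        else if (S_ISDIR(st.st_mode)) rc = remove_tree_at(fd, e->d_name);
        else rc = unlinkat(fd, e->d_name, 0);   /* removes the link itself */
    }
    closedir(d);                                /* also closes fd */
    return rc == 0 ? unlinkat(parentfd, name, AT_REMOVEDIR) : -1;
}

/* Constructed scenario: a scratch dir containing a symlink to a "victim" dir.
 * Returns 1 if cleanup removed the scratch dir and the victim file survived. */
int demo_cleanup_keeps_victim(void) {
    char base[] = "/tmp/plugtmp-demo-XXXXXX";
    struct stat st;
    if (!mkdtemp(base)) return -1;   /* atomic create, mode 0700, unpredictable name */
    int bfd = open(base, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (bfd < 0) return -1;
    mkdirat(bfd, "victim", 0700);
    close(openat(bfd, "victim/keep", O_CREAT | O_WRONLY, 0600));
    mkdirat(bfd, "scratch", 0700);
    mkdirat(bfd, "scratch/sub", 0700);
    symlinkat("../victim", bfd, "scratch/evil");   /* symlink planted inside */
    symlinkat("victim", bfd, "alias");             /* symlink posing as the dir */
    int refused = remove_tree_at(bfd, "alias") == -1;
    int removed = remove_tree_at(bfd, "scratch") == 0;
    int kept = fstatat(bfd, "victim/keep", &st, 0) == 0;
    int gone = fstatat(bfd, "scratch", &st, AT_SYMLINK_NOFOLLOW) != 0;
    unlinkat(bfd, "alias", 0); remove_tree_at(bfd, "victim");
    close(bfd); rmdir(base);
    return refused && removed && kept && gone;
}
int main(void) { return demo_cleanup_keeps_victim() == 1 ? 0 : 1; }
```
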
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2005-03-01 09:09:02 UTC

*** This bug has been marked as a duplicate of 83267 ***