exploits , vulnerabilities , articles , Mozilla Firefox and SeaMonkey Address Bar URI Spoofing Vulnerability

Title	Mozilla Firefox and SeaMonkey Address Bar URI Spoofing Vulnerability
Published	2009-06-11-12:00AM
Updated	2009-06-16-03:59PM
Class	Input Validation Error
CVE	CVE-2009-1834
Remote	Yes
Local	No
Credit	Pavel Cvrcek
Vulnerable	Ubuntu Ubuntu Linux 9.04 sparc Ubuntu Ubuntu Linux 9.04 powerpc Ubuntu Ubuntu Linux 9.04 lpia Ubuntu Ubuntu Linux 9.04 i386 Ubuntu Ubuntu Linux 9.04 amd64 Ubuntu Ubuntu Linux 8.10 sparc Ubuntu Ubuntu Linux 8.10 powerpc Ubuntu Ubuntu Linux 8.10 lpia Ubuntu Ubuntu Linux 8.10 i386 Ubuntu Ubuntu Linux 8.10 amd64 Ubuntu Ubuntu Linux 8.04 LTS sparc Ubuntu Ubuntu Linux 8.04 LTS powerpc Ubuntu Ubuntu Linux 8.04 LTS lpia Ubuntu Ubuntu Linux 8.04 LTS i386 Ubuntu Ubuntu Linux 8.04 LTS amd64 RedHat Fedora 9 0 RedHat Fedora 10 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux WS 3 RedHat Enterprise Linux EUS 5.3.z server RedHat Enterprise Linux ES 4.8.z RedHat Enterprise Linux ES 4 RedHat Enterprise Linux ES 3 RedHat Enterprise Linux Desktop Workstation 5 client RedHat Enterprise Linux AS 4.8.z RedHat Enterprise Linux AS 4 RedHat Enterprise Linux AS 3 RedHat Desktop 4.0 RedHat Desktop 3.0 Mozilla SeaMonkey 1.1.16 Mozilla SeaMonkey 1.1.15 Mozilla SeaMonkey 1.1.15 Mozilla SeaMonkey 1.1.14 Mozilla SeaMonkey 1.1.13 Mozilla SeaMonkey 1.1.12 Mozilla SeaMonkey 1.1.11 Mozilla SeaMonkey 1.1.10 Mozilla SeaMonkey 1.1.9 Mozilla SeaMonkey 1.1.8 Mozilla SeaMonkey 1.1.7 Mozilla SeaMonkey 1.1.6 Mozilla SeaMonkey 1.1.5 Mozilla SeaMonkey 1.1.4 Mozilla SeaMonkey 1.1.3 Mozilla SeaMonkey 1.1.2 Mozilla SeaMonkey 1.1.1 Mozilla SeaMonkey 1.0.99 Mozilla SeaMonkey 1.0.9 Mozilla SeaMonkey 1.0.8 Mozilla SeaMonkey 1.0.7 Mozilla SeaMonkey 1.0.6 Mozilla SeaMonkey 1.0.5 Mozilla SeaMonkey 1.0.3 Mozilla SeaMonkey 1.0.2 Mozilla SeaMonkey 1.0.1 Mozilla SeaMonkey 1.1 beta Mozilla SeaMonkey 1.0 dev Mozilla SeaMonkey 1.0 Mozilla Firefox 3.0.10 Mozilla Firefox 3.0.9 Mozilla Firefox 3.0.8 Mozilla Firefox 3.0.7 Beta Mozilla Firefox 3.0.7 Mozilla Firefox 3.0.6 Mozilla Firefox 3.0.5 Mozilla Firefox 3.0.4 Mozilla Firefox 3.0.3 Mozilla Firefox 3.0.2 Mozilla Firefox 3.0.1 Mozilla Firefox 3.0 Beta 5 Mozilla Firefox 3.0
Not Vulnerable	Mozilla SeaMonkey 1.1.17 Mozilla Firefox 3.0.11
Code	To exploit this issue, an attacker must entice an unsuspecting user to view a maliciously crafted web document.The following example URI is available:https://www.example.xn--com-edoaaaaaaaaaaaaaaaaaaaaaaaaaaaa.example2.org/This URI would be decoded as 'www.example.com' followed by multiple 'U+115a' characters and '.example2.org'.
TXT

Vulnerabilities - newest 10 RSS | More

• 2009-12-11 Symantec Veritas VRTSweb Incoming Data Remote Code Execution Vulnerability
• 2009-12-11 HP OpenView Network Node Manager Perl CGI Executables Remote Code Execution Vulnerability
• 2009-12-11 HP OpenView Network Node Manager Unspecified Stack Buffer Overflow Vulnerability
• 2009-12-11 Joomla! JS Jobs Component Multiple SQL Injection Vulnerabilities
• 2009-12-11 RT Session Fixation Vulnerability
• 2009-12-11 Multiple HP LaserJet Printers Unauthorized Access and Denial of Service Vulnerability
• 2009-12-11 Sun Ray Server Authentication Manager Remote Code Execution Vulnerability
• 2009-12-10 GNU Coreutils Insecure Temporary File Creation Vulnerability
• 2009-12-10 WebKit SVG Animation Elements User After Free Remote Code Execution Vulnerability
• 2009-12-10 Moodle Multiple Vulnerabilities

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Sat, 12 Dec 2009 01:30:13 +0000