Bug 452710 (CVE-2008-2808)
Summary: | CVE-2008-2808 Firefox file location escaping flaw | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Josh Bressers <bressers> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | caillon, security-response-team, stransky |
Target Milestone: | --- | Keywords: | Reopened, Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | 1.1.10-1.fc9 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-12-23 21:05:21 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 450668, 450670, 450671, 450672, 450673, 450674, 451026, 451629, 453954, 453955 | ||
Bug Blocks: |
Description
Josh Bressers
2008-06-24 15:31:31 UTC
This will be MFSA 2008-30 This is now public: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15 devhelp-0.16.1-8.fc8, gtkmozembedmm-1.4.2.cvs20060817-21.fc8, yelp-2.20.0-10.fc8, gnome-web-photo-0.3-11.fc8, kazehakase-0.5.4-2.fc8.2, blam-1.8.3-16.fc8, epiphany-2.20.3-5.fc8, liferea-1.4.15-2.fc8, epiphany-extensions-2.20.1-8.fc8, galeon-2.0.4-3.fc8.3, openvrml-0.17.6-3.fc8, chmsee-1.0.0-2.31.fc8, ruby-gnome2-0.17.0-0.2.rc1.fc8, firefox-2.0.0.15-1.fc8, gnome-python2-extras-2.19.1-15.fc8, Miro-1.2.3-2.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report. seamonkey-1.1.10-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report. seamonkey-1.1.10-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report. It should be noted that the description used in the security errata is mistaken. This issue does not only affect local file listings, but can affect any file listings such as ftp, gopher, and jar schemas. This was addressed via: Red Hat Enterprise Linux version 2.1 (seamonkey) RHSA-2008:0547 Red Hat Enterprise Linux version 3 (seamonkey) RHSA-2008:0547 Red Hat Enterprise Linux version 4 (seamonkey) RHSA-2008:0547 Red Hat Enterprise Linux version 4 (firefox) RHSA-2008:0549 Red Hat Enterprise Linux version 5 (firefox) RHSA-2008:0569 Red Hat Enterprise Linux version 4 (thunderbird) RHSA-2008:0616 Red Hat Enterprise Linux Desktop version 5 (thunderbird) RHSA-2008:0616 RHEL Optional Productivity Applications version 5 (thunderbird) RHSA-2008:0616 |