Bug 432040 - (CVE-2008-0414) CVE-2008-0414 mozilla: multiple file input focus stealing vulnerabilities
CVE-2008-0414 mozilla: multiple file input focus stealing vulnerabilities
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,source=mozilla,report...
: Security
Depends On: 432042 432043 432045 432046
Blocks:
  Show dependency treegraph
 
Reported: 2008-02-08 10:14 EST by Tomas Hoger
Modified: 2011-02-02 16:16 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-02-02 15:52:25 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Tomas Hoger 2008-02-08 10:14:44 EST
MFSA 2008-02 [1]:

Security researchers hong and Gregory Fleisher each reported a variant on
earlier reported bugs regarding focus shifting in file input controls. Their
variants used file input controls nested inside <label> tags to take advantage
of automatic focus shifting into the file input field noted on the Hacker
WebZine. As with the earlier reported issues this issue could be used to force a
user to upload arbitrary files assuming the attacker knows the full path and
name of the file.

These bugs are variations on earlier problems reported by Charles McAuley and
Michal Zalewski which were fixed in Firefox 2.0.0.4, as well as an issue
reported by hong which was fixed in Firefox 2.0.0.8.

Gregory Fleisher also submitted a series of demonstrations of different ways to
lure a user to place focus into the file input control manually. These
demonstrations included "focus spoofing" by selectively capturing keystrokes and
placing the captured characters where the user thinks the focus should be.

[1] http://www.mozilla.org/security/announce/2008/mfsa2008-02.html

Fixed upstream in firefox 2.0.0.12 and seamonkey 1.1.8.
Comment 3 Fedora Update System 2008-02-08 16:15:33 EST
seamonkey-1.1.8-1.fc7 has been submitted as an update for Fedora 7
Comment 4 Fedora Update System 2008-02-08 16:16:50 EST
seamonkey-1.1.8-1.fc8 has been submitted as an update for Fedora 8
Comment 5 Fedora Update System 2008-02-08 17:15:30 EST
blam-1.8.3-13.fc8,chmsee-1.0.0-1.28.fc8,devhelp-0.16.1-5.fc8,epiphany-2.20.2-3.fc8,epiphany-extensions-2.20.1-5.fc8,firefox-2.0.0.12-1.fc8,galeon-2.0.4-1.fc8.2,gnome-python2-extras-2.19.1-12.fc8,gnome-web-photo-0.3-8.fc8,gtkmozembedmm-1.4.2.cvs20060817-18.fc8,kazehakase-0.5.2-1.fc8.2,liferea-1.4.11-2.fc8,Miro-1.1-3.fc8,openvrml-0.17.5-2.fc8,ruby-gnome2-0.16.0-20.fc8,yelp-2.20.0-7.fc8 has been submitted as an update for Fedora 8
Comment 6 Fedora Update System 2008-02-11 10:34:39 EST
chmsee-1.0.0-1.28.fc7,devhelp-0.13-13.fc7,epiphany-2.18.3-6.fc7,epiphany-extensions-2.18.3-7,firefox-2.0.0.12-1.fc7,galeon-2.0.3-15.fc7,gnome-python2-extras-2.14.3-8.fc7,gtkmozembedmm-1.4.2.cvs20060817-15.fc7,kazehakase-0.5.2-1.fc7.2,liferea-1.4.9-2.fc7,Miro-1.1-3.fc7,openvrml-0.16.7-3.fc7,ruby-gnome2-0.16.0-21.fc7,yelp-2.18.1-9.fc7 has been submitted as an update for Fedora 7
Comment 7 Fedora Update System 2008-02-12 23:49:03 EST
chmsee-1.0.0-1.28.fc7, devhelp-0.13-13.fc7, epiphany-extensions-2.18.3-7, firefox-2.0.0.12-1.fc7, gtkmozembedmm-1.4.2.cvs20060817-15.fc7, gnome-python2-extras-2.14.3-8.fc7, galeon-2.0.3-15.fc7, ruby-gnome2-0.16.0-21.fc7, epiphany-2.18.3-6.fc7, kazehakase-0.5.2-1.fc7.2, liferea-1.4.9-2.fc7, yelp-2.18.1-9.fc7, Miro-1.1-3.fc7, openvrml-0.16.7-3.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 8 Fedora Update System 2008-02-12 23:53:30 EST
seamonkey-1.1.8-1.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 9 Fedora Update System 2008-02-13 00:02:39 EST
blam-1.8.3-13.fc8, chmsee-1.0.0-1.28.fc8, devhelp-0.16.1-5.fc8, epiphany-2.20.2-3.fc8, epiphany-extensions-2.20.1-5.fc8, firefox-2.0.0.12-1.fc8, galeon-2.0.4-1.fc8.2, gnome-python2-extras-2.19.1-12.fc8, gnome-web-photo-0.3-8.fc8, gtkmozembedmm-1.4.2.cvs20060817-18.fc8, kazehakase-0.5.2-1.fc8.2, liferea-1.4.11-2.fc8, Miro-1.1-3.fc8, openvrml-0.17.5-2.fc8, ruby-gnome2-0.16.0-20.fc8, yelp-2.20.0-7.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 10 Fedora Update System 2008-02-13 10:10:32 EST
seamonkey-1.1.8-1.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 12 Josh Bressers 2011-02-02 15:52:25 EST
This was fixed in RHSA-2008:0208. I'm not sure why it wasn't noted at that time. The patch is included in the seamonkey SRPM. I've added the CVE ID to the advisory.

Note You need to log in before you can comment on or make changes to this bug.