Common Vulnerabilities and Exposures assigned an identifier CVE-2008-2785 to the following vulnerability: Unspecified vulnerability in Firefox 3.0 and 2.0.x has unknown impact and remote attack vectors, aka ZDI-CAN-349. Refences: http://dvlabs.tippingpoint.com/blog/2008/06/18/vulnerability-in-mozilla-firefox-30 http://www.securityfocus.com/bid/29802 http://www.frsirt.com/english/advisories/2008/1873 http://secunia.com/advisories/30761 http://xforce.iss.net/xforce/xfdb/43167
Mozilla blog post: http://blog.mozilla.com/security/2008/06/18/new-security-issue-under-investigation/
*** Bug 452197 has been marked as a duplicate of this bug. ***
Now fixed upstream in MFSA 2008-34 http://www.mozilla.org/security/announce/2008/mfsa2008-34.html Fixed in versions: Firefox 3.0.1 Firefox 2.0.0.16 Thunderbird 2.0.0.16 SeaMonkey 1.1.11
xulrunner-1.9.0.1-1.fc9, epiphany-extensions-2.22.1-3.fc9, firefox-3.0.1-1.fc9, epiphany-2.22.2-3.fc9, yelp-2.22.1-4.fc9, devhelp-0.19.1-3.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
seamonkey-1.1.11-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
chmsee-1.0.0-3.31.fc8, gnome-web-photo-0.3-12.fc8, openvrml-0.17.6-6.fc8, gnome-python2-extras-2.19.1-16.fc8, gtkmozembedmm-1.4.2.cvs20060817-22.fc8, epiphany-2.20.3-6.fc8, firefox-2.0.0.16-1.fc8, galeon-2.0.4-4.fc8.3, Miro-1.2.3-3.fc8, yelp-2.20.0-11.fc8, cairo-dock-1.6.1.1-1.fc8.1, epiphany-extensions-2.20.1-9.fc8, kazehakase-0.5.4-2.fc8.3, blam-1.8.3-17.fc8, devhelp-0.16.1-9.fc8, liferea-1.4.15-3.fc8, ruby-gnome2-0.17.0-0.3.rc1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
seamonkey-1.1.11-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in: Red Hat Enterprise Linux: http://rhn.redhat.com/errata/RHSA-2008-0598.html http://rhn.redhat.com/errata/RHSA-2008-0597.html http://rhn.redhat.com/errata/RHSA-2008-0599.html Fedora: https://admin.fedoraproject.org/updates/F8/FEDORA-2008-6491 https://admin.fedoraproject.org/updates/F8/FEDORA-2008-6517 https://admin.fedoraproject.org/updates/F9/FEDORA-2008-6518 https://admin.fedoraproject.org/updates/F9/FEDORA-2008-6519
Changing public= date to the date the Mozilla advisory came out as the were no public details prior to that about this issue (and our public= date is defined as the date the issue is known to the public)
thunderbird-2.0.0.16-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
thunderbird-2.0.0.16-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.