Mozilla Firefox 3.0.1 through 3.0.3 on Windows does not properly identify the context of Windows .url shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via an HTML document that is directly accessible through a filesystem, as demonstrated by documents in (1) local folders, (2) Windows share folders, and (3) RAR archives, and as demonstrated by IFRAMEs referencing shortcuts that point to (a) about:cache?device=memory and (b) about:cache?device=disk, a variant of CVE-2008-2810. http://www.securityfocus.com/archive/1/archive/1/497091/100/0/threaded http://liudieyu0.blog124.fc2.com/blog-entry-6.html http://www.securityfocus.com/bid/31747 http://www.frsirt.com/english/advisories/2008/2818 http://secunia.com/advisories/32192
firefox-2.0.0.18-1.fc8, epiphany-2.20.3-8.fc8, epiphany-extensions-2.20.1-11.fc8, blam-1.8.3-19.fc8, cairo-dock-1.6.3.1-1.fc8.1, chmsee-1.0.0-5.31.fc8, devhelp-0.16.1-11.fc8, evolution-rss-0.0.8-13.fc8, galeon-2.0.4-6.fc8.3, gnome-python2-extras-2.19.1-19.fc8, gnome-web-photo-0.3-14.fc8, kazehakase-0.5.6-1.fc8.1, liferea-1.4.15-5.fc8, Miro-1.2.7-2.fc8, openvrml-0.17.10-2.0.fc8, ruby-gnome2-0.17.0-3.fc8, yelp-2.20.0-14.fc8, seamonkey-1.1.13-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
xulrunner-1.9.0.4-1.fc9, firefox-3.0.4-1.fc9, epiphany-extensions-2.22.1-5.fc9, epiphany-2.22.2-5.fc9, cairo-dock-1.6.3.1-1.fc9.1, chmsee-1.0.1-6.fc9, devhelp-0.19.1-6.fc9, evolution-rss-0.1.0-4.fc9, galeon-2.0.7-3.fc9, gnome-python2-extras-2.19.1-21.fc9, gnome-web-photo-0.3-15.fc9, google-gadgets-0.10.1-5.fc9.1, gtkmozembedmm-1.4.2.cvs20060817-22.fc9, kazehakase-0.5.6-1.fc9.1, Miro-1.2.7-2.fc9, mozvoikko-0.9.5-4.fc9, mugshot-1.2.2-3.fc9, ruby-gnome2-0.17.0-3.fc9, totem-2.23.2-8.fc9, yelp-2.22.1-6.fc9, seamonkey-1.1.13-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
Current Red Hat Enterprise Linux provides Firefox 3.0.19 so would not be vulnerable to this, excluding the fact this affects Windows only.