Common Vulnerabilities and Exposures assigned an identifier CVE-2008-5913 to the following vulnerability: An unspecified function in the JavaScript implementation in Mozilla Firefox creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. References: http://www.trusteer.com/files/In-session-phishing-advisory-2.pdf http://arstechnica.com/news.ars/post/20090113-new-method-of-phishmongering-could-fool-experienced-users.html http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=212900161 http://www.infoworld.com/article/09/01/13/Browser_bug_could_allow_phishing_without_email_1.html http://www.securityfocus.com/bid/33276
Similar issue was reported to affect other browsers: Microsoft Internet Explorer (CVE-2008-5912), Apple Safari (CVE-2008-5914) and Google Chrome (CVE-2008-5915)
This is now corrected upstream via: http://www.mozilla.org/security/announce/2010/mfsa2010-33.html
This issue has been addressed in following products: Red Hat Enterprise Linux 4 Via RHSA-2010:0500 https://rhn.redhat.com/errata/RHSA-2010-0500.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2010:0501 https://rhn.redhat.com/errata/RHSA-2010-0501.html
seamonkey-2.0.5-1.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/seamonkey-2.0.5-1.fc12
seamonkey-2.0.5-1.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/seamonkey-2.0.5-1.fc13
xulrunner-1.9.2.4-1.fc13,firefox-3.6.4-1.fc13,mozvoikko-1.0-11.fc13,gnome-web-photo-0.9-9.fc13,perl-Gtk2-MozEmbed-0.08-6.fc13.14,gnome-python2-extras-2.25.3-19.fc13,galeon-2.0.7-29.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/xulrunner-1.9.2.4-1.fc13,firefox-3.6.4-1.fc13,mozvoikko-1.0-11.fc13,gnome-web-photo-0.9-9.fc13,perl-Gtk2-MozEmbed-0.08-6.fc13.14,gnome-python2-extras-2.25.3-19.fc13,galeon-2.0.7-29.fc13
firefox-3.5.10-1.fc12,xulrunner-1.9.1.10-1.fc12,mozvoikko-1.0-10.fc12,gnome-web-photo-0.9-7.fc12,gnome-python2-extras-2.25.3-18.fc12,perl-Gtk2-MozEmbed-0.08-6.fc12.13,galeon-2.0.7-23.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/firefox-3.5.10-1.fc12,xulrunner-1.9.1.10-1.fc12,mozvoikko-1.0-10.fc12,gnome-web-photo-0.9-7.fc12,gnome-python2-extras-2.25.3-18.fc12,perl-Gtk2-MozEmbed-0.08-6.fc12.13,galeon-2.0.7-23.fc12
seamonkey-2.0.5-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
xulrunner-1.9.1.10-1.fc12, mozvoikko-1.0-10.fc12, gnome-web-photo-0.9-7.fc12, gnome-python2-extras-2.25.3-18.fc12, perl-Gtk2-MozEmbed-0.08-6.fc12.13, galeon-2.0.7-23.fc12, firefox-3.5.10-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
xulrunner-1.9.2.4-1.fc13, firefox-3.6.4-1.fc13, mozvoikko-1.0-11.fc13, gnome-web-photo-0.9-9.fc13, perl-Gtk2-MozEmbed-0.08-6.fc13.14, gnome-python2-extras-2.25.3-19.fc13, galeon-2.0.7-29.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
seamonkey-2.0.5-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.