Mozilla Firefox and Minimo Password Manager Information Disclosure Weakness
BID:25184
Info
Mozilla Firefox and Minimo Password Manager Information Disclosure Weakness
| Bugtraq ID: | 25184 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 02 2007 12:00AM |
| Updated: | Aug 03 2007 05:04PM |
| Credit: | Seth Fogie is credited with discovering this issue. |
| Vulnerable: |
Mozilla Minimo .2 Mozilla Firefox 2.0 .6 |
| Not Vulnerable: | |
Discussion
Mozilla Firefox and Minimo Password Manager Information Disclosure Weakness
Mozilla Firefox and Minimo are prone to an information-disclosure weakness.
An attacker may exploit this issue by successfully exploiting cross-site scripting vulnerabilities on target sites.
Successfull exploits may allow the attacker to obtain username and password credentials contained in the password manager. Information harvested in successful exploits may lead to other attacks.
Firefox 2.0.0.6 and Minimo .2 are reported vulnerable; other versions may also be affected.
Mozilla Firefox and Minimo are prone to an information-disclosure weakness.
An attacker may exploit this issue by successfully exploiting cross-site scripting vulnerabilities on target sites.
Successfull exploits may allow the attacker to obtain username and password credentials contained in the password manager. Information harvested in successful exploits may lead to other attacks.
Firefox 2.0.0.6 and Minimo .2 are reported vulnerable; other versions may also be affected.
Exploit / POC
Mozilla Firefox and Minimo Password Manager Information Disclosure Weakness
A proof-of-concept webpage has been created to demonstrate this issue. Please see the references for more information.
A proof-of-concept webpage has been created to demonstrate this issue. Please see the references for more information.
Solution / Fix
Mozilla Firefox and Minimo Password Manager Information Disclosure Weakness
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
Mozilla Firefox and Minimo Password Manager Information Disclosure Weakness
References:
References:
- Airscanner Mobile Security Advisory #07080102: Minimo <=.2 and Firefox 2.0.0.6 (Airscanner)
- Minimo Browser Homepage (Mozilla)
- Vendor Homepage (Mozilla Foundation)
- Minimo .2 and more Firefox 2.0.0.6 Password Manager Vulnerabilites (Seth Fogie)
- Airscanner Proof-of-Concept (Airscanner)