Mozilla Firefox URI Splitting Security Bypass Vulnerability
BID:30242
Info
Mozilla Firefox URI Splitting Security Bypass Vulnerability
| Bugtraq ID: | 30242 |
| Class: | Design Error |
| CVE: |
CVE-2008-2933 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 15 2008 12:00AM |
| Updated: | Apr 13 2015 09:41PM |
| Credit: | Billy Rios |
| Vulnerable: |
Ubuntu Ubuntu Linux 8.04 LTS sparc Ubuntu Ubuntu Linux 8.04 LTS powerpc Ubuntu Ubuntu Linux 8.04 LTS lpia Ubuntu Ubuntu Linux 8.04 LTS i386 Ubuntu Ubuntu Linux 8.04 LTS amd64 Ubuntu Ubuntu Linux 7.10 sparc Ubuntu Ubuntu Linux 7.10 powerpc Ubuntu Ubuntu Linux 7.10 lpia Ubuntu Ubuntu Linux 7.10 i386 Ubuntu Ubuntu Linux 7.10 amd64 Ubuntu Ubuntu Linux 7.04 sparc Ubuntu Ubuntu Linux 7.04 powerpc Ubuntu Ubuntu Linux 7.04 i386 Ubuntu Ubuntu Linux 7.04 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 Turbolinux wizpy 0 Turbolinux Turbolinux Server 11 x64 Turbolinux Turbolinux Server 11 Turbolinux FUJI 0 SuSE SUSE Linux Enterprise Server 10 SP2 SuSE SUSE Linux Enterprise Server 10 SP1 SuSE Suse Linux Enterprise Desktop 10 SP2 SuSE Suse Linux Enterprise Desktop 10 SP1 SuSE SUSE Linux Enterprise 10 SP2 DEBUGINFO SuSE SUSE Linux Enterprise 10 SP1 DEBUGINFO Sun Solaris 10_x86 Sun Solaris 10_sparc Sun OpenSolaris build snv_94 Sun OpenSolaris build snv_93 Sun OpenSolaris build snv_92 Sun OpenSolaris build snv_91 Sun OpenSolaris build snv_90 Sun OpenSolaris build snv_89 Slackware Linux 10.2 Slackware Linux 12.1 Slackware Linux 12.0 Slackware Linux 11.0 Slackware Linux -current rPath rPath Linux 1 Redhat Enterprise Linux ES 4.5.z Redhat Enterprise Linux Desktop Workstation 5 client Redhat Enterprise Linux Desktop 5 client Redhat Enterprise Linux AS 4.5.z Redhat Enterprise Linux 5 Server Pardus Linux 2008 0 Pardus Linux 2007 0 Nortel Networks Self-Service Peri Workstation 0 Nortel Networks Self-Service Peri Application 0 Nortel Networks Self-Service MPS 1000 0 Nortel Networks Self-Service - CCSS7 0 Mozilla XULRunner 1.9 Mozilla Firefox 2.0 .9 Mozilla Firefox 2.0 .8 Mozilla Firefox 2.0 .7 Mozilla Firefox 2.0 .6 Mozilla Firefox 2.0 .5 Mozilla Firefox 2.0 .4 Mozilla Firefox 2.0 .3 Mozilla Firefox 2.0 .10 Mozilla Firefox 2.0 .1 Mozilla Firefox 3.0 Beta 5 Mozilla Firefox 3.0 Mozilla Firefox 2.0.0.2 Mozilla Firefox 2.0.0.15 Mozilla Firefox 2.0.0.14 Mozilla Firefox 2.0.0.13 Mozilla Firefox 2.0.0.12 Mozilla Firefox 2.0.0.11 Mozilla Firefox 2.0 Mandriva Linux Mandrake 2008.1 x86_64 Mandriva Linux Mandrake 2008.1 Mandriva Linux Mandrake 2008.0 x86_64 Mandriva Linux Mandrake 2008.0 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 MandrakeSoft Corporate Server 4.0 Gentoo Linux Debian Xulrunner 0 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0 Debian Iceweasel 0 Avaya Messaging Storage Server MM3.0 Avaya Messaging Storage Server 4.0 Avaya Messaging Storage Server 3.1 Avaya Messaging Storage Server 2.0 Avaya Messaging Storage Server 1.0 Avaya Messaging Storage Server Avaya Message Networking MN 3.1 Avaya Message Networking 3.1 Avaya Message Networking Avaya Intuity Audix R5 0 Avaya Intuity AUDIX LX 2.0 Avaya Intuity AUDIX Avaya Interactive Response 4.0 |
| Not Vulnerable: |
Mozilla Firefox 3.0.1 Mozilla Firefox 2.0 .16 |
Discussion
Mozilla Firefox URI Splitting Security Bypass Vulnerability
Mozilla Firefox is prone to a security-bypass vulnerability because of a design error.
Exploiting this issue could allow an attacker to bypass certain security restrictions and launch restricted URIs. Specifically, the attacker could use external applications to launch 'chrome:' URIs or to pass certain URIs to Firefox that would normally be handled by a vector application.
The issue affects Firefox 3.0 and versions prior to 2.0.0.16.
Mozilla Firefox is prone to a security-bypass vulnerability because of a design error.
Exploiting this issue could allow an attacker to bypass certain security restrictions and launch restricted URIs. Specifically, the attacker could use external applications to launch 'chrome:' URIs or to pass certain URIs to Firefox that would normally be handled by a vector application.
The issue affects Firefox 3.0 and versions prior to 2.0.0.16.
Exploit / POC
Mozilla Firefox URI Splitting Security Bypass Vulnerability
To exploit this issue an attacker entices an unsuspecting user to open a malicious URI.
To exploit this issue an attacker entices an unsuspecting user to open a malicious URI.
Solution / Fix
Mozilla Firefox URI Splitting Security Bypass Vulnerability
Solution:
Fixes and advisories are available to address this issue. Please see the references for more information.
Debian Linux 4.0 amd64
Debian Linux 4.0 ia-32
Debian Linux 4.0 hppa
Debian Linux 4.0 mipsel
Debian Linux 4.0 ia-64
Debian Linux 4.0 mips
Debian Linux 4.0 arm
Debian Linux 4.0 powerpc
Debian Linux 4.0 m68k
Solution:
Fixes and advisories are available to address this issue. Please see the references for more information.
Debian Linux 4.0 amd64
-
Debian iceape-browser_1.0.13~pre080614i-0etch1_amd64.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1 .0.13~pre080614i-0etch1_amd64.deb -
Debian iceape-calendar_1.0.13~pre080614i-0etch1_amd64.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_ 1.0.13~pre080614i-0etch1_amd64.deb -
Debian iceape-chatzilla_1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-chatzilla _1.0.13~pre080614i-0etch1_all.deb -
Debian iceape-dbg_1.0.13~pre080614i-0etch1_amd64.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.1 3~pre080614i-0etch1_amd64.deb -
Debian iceape-dev_1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-dev_1.0.1 3~pre080614i-0etch1_all.deb -
Debian iceape-dom-inspector_1.0.13~pre080614i-0etch1_amd64.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspe ctor_1.0.13~pre080614i-0etch1_amd64.deb -
Debian iceape-gnome-support_1.0.13~pre080614i-0etch1_amd64.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-sup port_1.0.13~pre080614i-0etch1_amd64.deb -
Debian iceape-mailnews_1.0.13~pre080614i-0etch1_amd64.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_ 1.0.13~pre080614i-0etch1_amd64.deb -
Debian iceape_1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.13~pr e080614i-0etch1_all.deb -
Debian mozilla-browser_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-browser_ 1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-calendar_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-calendar _1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-chatzilla_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-chatzill a_1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-dev_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-dev_1.8+ 1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-dom-inspector_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-dom-insp ector_1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-js-debugger_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-js-debug ger_1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-mailnews_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-mailnews _1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-psm_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-psm_1.8+ 1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla_1.8+1.0. 13~pre080614i-0etch1_all.deb
Debian Linux 4.0 ia-32
-
Debian iceape-browser_1.0.13~pre080614i-0etch1_i386.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1 .0.13~pre080614i-0etch1_i386.deb -
Debian iceape-calendar_1.0.13~pre080614i-0etch1_i386.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_ 1.0.13~pre080614i-0etch1_i386.deb -
Debian iceape-chatzilla_1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-chatzilla _1.0.13~pre080614i-0etch1_all.deb -
Debian iceape-dbg_1.0.13~pre080614i-0etch1_i386.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.1 3~pre080614i-0etch1_i386.deb -
Debian iceape-dev_1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-dev_1.0.1 3~pre080614i-0etch1_all.deb -
Debian iceape-dom-inspector_1.0.13~pre080614i-0etch1_i386.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspe ctor_1.0.13~pre080614i-0etch1_i386.deb -
Debian iceape-gnome-support_1.0.13~pre080614i-0etch1_i386.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-sup port_1.0.13~pre080614i-0etch1_i386.deb -
Debian iceape-mailnews_1.0.13~pre080614i-0etch1_i386.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_ 1.0.13~pre080614i-0etch1_i386.deb -
Debian iceape_1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.13~pr e080614i-0etch1_all.deb -
Debian mozilla-browser_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-browser_ 1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-calendar_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-calendar _1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-chatzilla_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-chatzill a_1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-dev_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-dev_1.8+ 1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-dom-inspector_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-dom-insp ector_1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-js-debugger_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-js-debug ger_1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-mailnews_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-mailnews _1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-psm_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-psm_1.8+ 1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla_1.8+1.0. 13~pre080614i-0etch1_all.deb
Debian Linux 4.0 hppa
-
Debian iceape-browser_1.0.13~pre080614i-0etch1_hppa.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1 .0.13~pre080614i-0etch1_hppa.deb -
Debian iceape-calendar_1.0.13~pre080614i-0etch1_hppa.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_ 1.0.13~pre080614i-0etch1_hppa.deb -
Debian iceape-chatzilla_1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-chatzilla _1.0.13~pre080614i-0etch1_all.deb -
Debian iceape-dbg_1.0.13~pre080614i-0etch1_hppa.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.1 3~pre080614i-0etch1_hppa.deb -
Debian iceape-dev_1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-dev_1.0.1 3~pre080614i-0etch1_all.deb -
Debian iceape-dom-inspector_1.0.13~pre080614i-0etch1_hppa.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspe ctor_1.0.13~pre080614i-0etch1_hppa.deb -
Debian iceape-gnome-support_1.0.13~pre080614i-0etch1_hppa.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-sup port_1.0.13~pre080614i-0etch1_hppa.deb -
Debian iceape-mailnews_1.0.13~pre080614i-0etch1_hppa.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_ 1.0.13~pre080614i-0etch1_hppa.deb -
Debian iceape_1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.13~pr e080614i-0etch1_all.deb -
Debian mozilla-browser_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-browser_ 1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-calendar_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-calendar _1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-chatzilla_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-chatzill a_1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-dev_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-dev_1.8+ 1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-dom-inspector_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-dom-insp ector_1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-js-debugger_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-js-debug ger_1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-mailnews_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-mailnews _1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-psm_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-psm_1.8+ 1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla_1.8+1.0. 13~pre080614i-0etch1_all.deb
Debian Linux 4.0 mipsel
-
Debian iceape-browser_1.0.13~pre080614i-0etch1_mipsel.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1 .0.13~pre080614i-0etch1_mipsel.deb -
Debian iceape-calendar_1.0.13~pre080614i-0etch1_mipsel.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_ 1.0.13~pre080614i-0etch1_mipsel.deb -
Debian iceape-chatzilla_1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-chatzilla _1.0.13~pre080614i-0etch1_all.deb -
Debian iceape-dbg_1.0.13~pre080614i-0etch1_mipsel.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.1 3~pre080614i-0etch1_mipsel.deb -
Debian iceape-dev_1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-dev_1.0.1 3~pre080614i-0etch1_all.deb -
Debian iceape-dom-inspector_1.0.13~pre080614i-0etch1_mipsel.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspe ctor_1.0.13~pre080614i-0etch1_mipsel.deb -
Debian iceape-gnome-support_1.0.13~pre080614i-0etch1_mipsel.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-sup port_1.0.13~pre080614i-0etch1_mipsel.deb -
Debian iceape-mailnews_1.0.13~pre080614i-0etch1_mipsel.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_ 1.0.13~pre080614i-0etch1_mipsel.deb -
Debian iceape_1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.13~pr e080614i-0etch1_all.deb -
Debian mozilla-browser_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-browser_ 1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-calendar_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-calendar _1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-chatzilla_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-chatzill a_1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-dev_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-dev_1.8+ 1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-dom-inspector_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-dom-insp ector_1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-js-debugger_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-js-debug ger_1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-mailnews_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-mailnews _1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-psm_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-psm_1.8+ 1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla_1.8+1.0. 13~pre080614i-0etch1_all.deb
Debian Linux 4.0 ia-64
-
Debian iceape-browser_1.0.13~pre080614i-0etch1_ia64.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1 .0.13~pre080614i-0etch1_ia64.deb -
Debian iceape-calendar_1.0.13~pre080614i-0etch1_ia64.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_ 1.0.13~pre080614i-0etch1_ia64.deb -
Debian iceape-chatzilla_1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-chatzilla _1.0.13~pre080614i-0etch1_all.deb -
Debian iceape-dbg_1.0.13~pre080614i-0etch1_ia64.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.1 3~pre080614i-0etch1_ia64.deb -
Debian iceape-dev_1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-dev_1.0.1 3~pre080614i-0etch1_all.deb -
Debian iceape-dom-inspector_1.0.13~pre080614i-0etch1_ia64.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspe ctor_1.0.13~pre080614i-0etch1_ia64.deb -
Debian iceape-gnome-support_1.0.13~pre080614i-0etch1_ia64.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-sup port_1.0.13~pre080614i-0etch1_ia64.deb -
Debian iceape-mailnews_1.0.13~pre080614i-0etch1_ia64.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_ 1.0.13~pre080614i-0etch1_ia64.deb -
Debian iceape_1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.13~pr e080614i-0etch1_all.deb -
Debian mozilla-browser_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-browser_ 1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-calendar_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-calendar _1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-chatzilla_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-chatzill a_1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-dev_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-dev_1.8+ 1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-dom-inspector_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-dom-insp ector_1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-js-debugger_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-js-debug ger_1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-mailnews_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-mailnews _1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-psm_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-psm_1.8+ 1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla_1.8+1.0. 13~pre080614i-0etch1_all.deb
Debian Linux 4.0 mips
-
Debian iceape-browser_1.0.13~pre080614i-0etch1_mips.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1 .0.13~pre080614i-0etch1_mips.deb -
Debian iceape-calendar_1.0.13~pre080614i-0etch1_mips.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_ 1.0.13~pre080614i-0etch1_mips.deb -
Debian iceape-chatzilla_1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-chatzilla _1.0.13~pre080614i-0etch1_all.deb -
Debian iceape-dbg_1.0.13~pre080614i-0etch1_mips.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.1 3~pre080614i-0etch1_mips.deb -
Debian iceape-dev_1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-dev_1.0.1 3~pre080614i-0etch1_all.deb -
Debian iceape-dom-inspector_1.0.13~pre080614i-0etch1_mips.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspe ctor_1.0.13~pre080614i-0etch1_mips.deb -
Debian iceape-gnome-support_1.0.13~pre080614i-0etch1_mips.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-sup port_1.0.13~pre080614i-0etch1_mips.deb -
Debian iceape-mailnews_1.0.13~pre080614i-0etch1_mips.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_ 1.0.13~pre080614i-0etch1_mips.deb -
Debian iceape_1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.13~pr e080614i-0etch1_all.deb -
Debian mozilla-browser_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-browser_ 1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-calendar_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-calendar _1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-chatzilla_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-chatzill a_1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-dev_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-dev_1.8+ 1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-dom-inspector_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-dom-insp ector_1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-js-debugger_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-js-debug ger_1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-mailnews_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-mailnews _1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-psm_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-psm_1.8+ 1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla_1.8+1.0. 13~pre080614i-0etch1_all.deb
Debian Linux 4.0 arm
-
Debian iceape-chatzilla_1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-chatzilla _1.0.13~pre080614i-0etch1_all.deb -
Debian iceape-dev_1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-dev_1.0.1 3~pre080614i-0etch1_all.deb -
Debian iceape_1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.13~pr e080614i-0etch1_all.deb -
Debian mozilla-browser_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-browser_ 1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-calendar_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-calendar _1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-chatzilla_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-chatzill a_1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-dev_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-dev_1.8+ 1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-dom-inspector_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-dom-insp ector_1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-js-debugger_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-js-debug ger_1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-mailnews_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-mailnews _1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-psm_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-psm_1.8+ 1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla_1.8+1.0. 13~pre080614i-0etch1_all.deb
Debian Linux 4.0 powerpc
-
Debian iceape-browser_1.0.13~pre080614i-0etch1_powerpc.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1 .0.13~pre080614i-0etch1_powerpc.deb -
Debian iceape-calendar_1.0.13~pre080614i-0etch1_powerpc.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_ 1.0.13~pre080614i-0etch1_powerpc.deb -
Debian iceape-chatzilla_1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-chatzilla _1.0.13~pre080614i-0etch1_all.deb -
Debian iceape-dbg_1.0.13~pre080614i-0etch1_powerpc.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.1 3~pre080614i-0etch1_powerpc.deb -
Debian iceape-dev_1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-dev_1.0.1 3~pre080614i-0etch1_all.deb -
Debian iceape-dom-inspector_1.0.13~pre080614i-0etch1_powerpc.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspe ctor_1.0.13~pre080614i-0etch1_powerpc.deb -
Debian iceape-gnome-support_1.0.13~pre080614i-0etch1_powerpc.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-sup port_1.0.13~pre080614i-0etch1_powerpc.deb -
Debian iceape-mailnews_1.0.13~pre080614i-0etch1_powerpc.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_ 1.0.13~pre080614i-0etch1_powerpc.deb -
Debian iceape_1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.13~pr e080614i-0etch1_all.deb -
Debian mozilla-browser_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-browser_ 1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-calendar_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-calendar _1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-chatzilla_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-chatzill a_1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-dev_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-dev_1.8+ 1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-dom-inspector_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-dom-insp ector_1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-js-debugger_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-js-debug ger_1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-mailnews_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-mailnews _1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-psm_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-psm_1.8+ 1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla_1.8+1.0. 13~pre080614i-0etch1_all.deb
Debian Linux 4.0 m68k
-
Debian iceape-chatzilla_1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-chatzilla _1.0.13~pre080614i-0etch1_all.deb -
Debian iceape-dev_1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape-dev_1.0.1 3~pre080614i-0etch1_all.deb -
Debian iceape_1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.13~pr e080614i-0etch1_all.deb -
Debian mozilla-browser_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-browser_ 1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-calendar_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-calendar _1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-chatzilla_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-chatzill a_1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-dev_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-dev_1.8+ 1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-dom-inspector_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-dom-insp ector_1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-js-debugger_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-js-debug ger_1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-mailnews_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-mailnews _1.8+1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla-psm_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-psm_1.8+ 1.0.13~pre080614i-0etch1_all.deb -
Debian mozilla_1.8+1.0.13~pre080614i-0etch1_all.deb
http://security.debian.org/pool/updates/main/i/iceape/mozilla_1.8+1.0. 13~pre080614i-0etch1_all.deb
References
Mozilla Firefox URI Splitting Security Bypass Vulnerability
References:
References:
- Vendor Homepage (Mozilla Foundation)
- ASA-2008-316 firefox security update (RHSA-2008-0598) (Avaya)
- ASA-2009-158 - Multiple Security Vulnerabilities in Firefox Versions Before 2.0. (Avaya)
- MFSA 2008-35 - Mozilla Foundation Security Advisory 2008-35 (Mozilla Foundation)
- MozillaFirefox 20080717 (Novell)
- Nortel Response to Sun Alert 256408 - Solaris 10 - Vulnerabilities in Firefox Ma (Nortel Networks)
- RHSA-2008:0597-6 Critical: firefox security update (Red Hat)
- RHSA-2008:0598-3 Critical: firefox security update (Red Hat)
- Solution 256408: Multiple Security Vulnerabilities in Firefox (Sun)
- Vulnerability Note VU#130923 Mozilla Firefox command line URI handling vulnerabi (US-CERT)