Mozilla Firefox 3.x before 3.0.5 allows remote attackers to bypass intended privacy restrictions by using the persist attribute in an XUL element to create and access data entities that are similar to cookies.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Firefox | Mozilla | * | 3.0.4 (including) |
| Firefox | Mozilla | 3.0 (including) | 3.0 (including) |
| Firefox | Mozilla | 3.0.1 (including) | 3.0.1 (including) |
| Firefox | Mozilla | 3.0.2 (including) | 3.0.2 (including) |
| Firefox | Mozilla | 3.0.3 (including) | 3.0.3 (including) |
| Red Hat Enterprise Linux 4 | RedHat | firefox-0:3.0.5-1.el4 | * |
| Red Hat Enterprise Linux 4 | RedHat | nspr-0:4.7.3-1.el4 | * |
| Red Hat Enterprise Linux 4 | RedHat | nss-0:3.12.2.0-1.el4 | * |
| Red Hat Enterprise Linux 5 | RedHat | firefox-0:3.0.5-1.el5_2 | * |
| Red Hat Enterprise Linux 5 | RedHat | nspr-0:4.7.3-2.el5 | * |
| Red Hat Enterprise Linux 5 | RedHat | nss-0:3.12.2.0-2.el5 | * |
| Red Hat Enterprise Linux 5 | RedHat | xulrunner-0:1.9.0.5-1.el5_2 | * |
| Firefox-3.0 | Ubuntu | devel | * |
| Firefox-3.0 | Ubuntu | gutsy | * |
| Firefox-3.0 | Ubuntu | hardy | * |
| Firefox-3.0 | Ubuntu | intrepid | * |
| Firefox-3.0 | Ubuntu | upstream | * |
| Xulrunner-1.9 | Ubuntu | devel | * |
| Xulrunner-1.9 | Ubuntu | gutsy | * |
| Xulrunner-1.9 | Ubuntu | hardy | * |
| Xulrunner-1.9 | Ubuntu | intrepid | * |
| Xulrunner-1.9 | Ubuntu | upstream | * |
References
- http://secunia.com/advisories/33188
- http://secunia.com/advisories/33203
- http://secunia.com/advisories/33216
- http://secunia.com/advisories/34501
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:245
- http://www.mozilla.org/security/announce/2008/mfsa2008-63.html
- http://www.redhat.com/support/errata/RHSA-2008-1036.html
- http://www.securityfocus.com/bid/32882
- http://www.securitytracker.com/id?1021428
- http://www.vupen.com/english/advisories/2009/0977
- https://bugzilla.mozilla.org/show_bug.cgi?id=295994
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47411
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10443
- https://usn.ubuntu.com/690-1/
- http://secunia.com/advisories/33188
- http://secunia.com/advisories/33203
- http://secunia.com/advisories/33216
- http://secunia.com/advisories/34501
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:245
- http://www.mozilla.org/security/announce/2008/mfsa2008-63.html
- http://www.redhat.com/support/errata/RHSA-2008-1036.html
- http://www.securityfocus.com/bid/32882
- http://www.securitytracker.com/id?1021428
- http://www.vupen.com/english/advisories/2009/0977
- https://bugzilla.mozilla.org/show_bug.cgi?id=295994
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47411
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10443
- https://usn.ubuntu.com/690-1/