Launchpad.net

CVE 2008-0591

Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 does not properly manage a delay timer used in confirmation dialogs, which might allow remote attackers to trick users into confirming an unsafe action, such as remote file execution, by using a timer to change the window focus, aka the "dialog refocus bug" or "ffclick2".

Related bugs and status

CVE-2008-0591 (Candidate) is related to these bugs:

Bug #195693: [iceape] several vulnerabilities

Summary				In	Importance	Status
	195693	[iceape] several vulnerabilities		iceape (Ubuntu)	Medium	Invalid

Bug #199412: [thunderbird] [CVE-2008-0591] missing fix in USN-582-1/2?

Summary				In	Importance	Status
	199412	[thunderbird] [CVE-2008-0591] missing fix in USN-582-1/2?		thunderbird (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.mozilla.org...
CONFIRM: https://bugzilla.mozil...
MISC: http://lcamtuf.coredum...
CONFIRM: http://wiki.rpath.com/...
DEBIAN: DSA-1484
DEBIAN: DSA-1485
DEBIAN: DSA-1489
REDHAT: RHSA-2008:0103
REDHAT: RHSA-2008:0104
REDHAT: RHSA-2008:0105
UBUNTU: USN-576-1
BID: 27683
SECTRACK: 1019339
SECUNIA: 28818
SECUNIA: 28754
SECUNIA: 28758
SECUNIA: 28766
SECUNIA: 28808
SECUNIA: 28839
SECUNIA: 28864
SECUNIA: 28865
SECUNIA: 28877
SECUNIA: 28879
FEDORA: FEDORA-2008-1435
FEDORA: FEDORA-2008-1459
FEDORA: FEDORA-2008-1535
SECUNIA: 28924
SECUNIA: 28939
CONFIRM: http://browser.netscap...
DEBIAN: DSA-1506
MANDRIVA: MDVSA-2008:048
SUSE: SUSE-SA:2008:008
SECUNIA: 28958
SECUNIA: 29049
SECUNIA: 29086
FULLDISC: 20070604 Assorted brow...
BID: 24293
SREASON: 2781
CONFIRM: http://wiki.rpath.com/...
FEDORA: FEDORA-2008-2060
FEDORA: FEDORA-2008-2118
SECUNIA: 29167
CONFIRM: http://wiki.rpath.com/...
CONFIRM: https://issues.rpath.c...
MANDRIVA: MDVSA-2008:062
SECUNIA: 29164
CONFIRM: http://support.novell....
SECUNIA: 29567
SECUNIA: 30327
GENTOO: GLSA-200805-18
SUNALERT: 238492
SECUNIA: 30620
VUPEN: ADV-2008-0453
VUPEN: ADV-2008-0454
VUPEN: ADV-2008-0627
VUPEN: ADV-2008-1793
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20070604 Assorted brow...
BUGTRAQ: 20080229 rPSA-2008-009...
BUGTRAQ: 20080209 rPSA-2008-005...
BUGTRAQ: 20080212 FLEA-2008-000...