OSVDB ID: 32110

Title: Mozilla Multiple Products Cache Collision Information Disclosure

Info

Disclosure
Aug 08, 2006

Discovery
Unknown

Dates

Exploit
Aug 08, 2006

Solution
Unknown

Description

 Mozilla Firefox and Mozilla SeaMonkey contain a flaw that may lead to an unauthorized information disclosure. The issue is due to a hash collision that can cause page data to be appended to the wrong page cache, allowing a remote attacker to obtain sensitive information and resulting in a loss of confidentiality.

Classification

 Location: Remote / Network Access
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Public
Disclosure: OSVDB Verified, Vendor Verified

Solution

 Upgrade to the following versions of the affected products as they have been reported to fix this vulnerability: Mozilla Firefox 2: version 2.0.0.2 or higher Mozilla Firefox: version 1.5.0.10 or higher Mozilla SeaMonkey: version 1.0.8 or higher An upgrade is required as there are no known workarounds.

Products

Mozilla Organization

Firefox

 0.8
0.9
0.9.1
0.9.2
0.9.3
0.10
0.10.1
1.0 RC2
1.0
1.0 RC1
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.1a1
1.1a2
1.4
1.4.1
1.5 RC1
1.5 rc2
1.5 RC3
1.5
1.5.0.1 RC1
1.5.0.1
1.5.0.2
1.5.0.3
1.5.0.4
1.5.0.5
1.5.0.6
1.5.0.7
1.5.0.8
1.5.0.10
1.5.0.9
2.0a1
2.0a2
2.0a3
2.0b1
2.0b2
2.0 RC 1
2.0 RC 2
2.0 RC 3
2.0
2.0.0.1
2.0.0.2

SeaMonkey

 1.0 Alpha
1.0 Beta
1.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.1.1

References

Credit
  • Aad van der Voet - bugzillahsd.scarlet.nl - http://www.oldwings.nl/index.htm


Direct URL: http://osvdb.org/32110