CVE-2008-1240
Publication date 28 March 2008
Last updated 24 July 2024
Ubuntu priority
LiveConnect in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 does not properly parse the content origin for jar: URIs before sending them to the Java plugin, which allows remote attackers to access arbitrary ports on the local machine. NOTE: this is closely related to CVE-2008-1195.
Status
Package | Ubuntu Release | Status |
---|---|---|
firefox | 8.10 intrepid | Not in release |
8.04 LTS hardy |
Fixed 2.0.0.13+1nobinonly-0ubuntu1
|
|
7.10 gutsy |
Fixed 2.0.0.13+1nobinonly-0ubuntu0.7.10
|
|
7.04 feisty |
Fixed 2.0.0.13+0nobinonly-0ubuntu0.7.4
|
|
6.10 edgy |
Fixed 2.0.0.13+0nobinonly-0ubuntu0.6.10
|
|
6.06 LTS dapper |
Fixed 1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1
|
|
iceape | 8.10 intrepid | Not in release |
8.04 LTS hardy | Not in release | |
7.10 gutsy | Ignored end of life, was needed | |
7.04 feisty | Not in release | |
6.10 edgy | Not in release | |
6.06 LTS dapper | Not in release | |
iceweasel | 8.10 intrepid | Not in release |
8.04 LTS hardy | Not in release | |
7.10 gutsy | Not in release | |
7.04 feisty | Not in release | |
6.10 edgy | Not in release | |
6.06 LTS dapper | Not in release | |
seamonkey | 8.10 intrepid |
Fixed 1.1.9+nobinonly-0ubuntu1
|
8.04 LTS hardy |
Fixed 1.1.9+nobinonly-0ubuntu1
|
|
7.10 gutsy | Not in release | |
7.04 feisty | Not in release | |
6.10 edgy | Not in release | |
6.06 LTS dapper | Not in release | |
xulrunner | 8.10 intrepid |
Fixed 1.8.1.13+nobinonly-0ubuntu1
|
8.04 LTS hardy |
Fixed 1.8.1.13+nobinonly-0ubuntu1
|
|
7.10 gutsy |
Fixed 1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.7.10.1
|
|
7.04 feisty | Ignored end of life, was needed | |
6.10 edgy | Ignored end of life, was needed | |
6.06 LTS dapper | Not in release |