Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Arbitrary socket connections with Java LiveConnect on Mac OS X

Related Vulnerabilities: CVE-2008-2806  

Source

Mozilla Foundation Security Advisory 2008-28

Arbitrary socket connections with Java LiveConnect on Mac OS X

Announced
July 1, 2008
Reporter
Gregory Fleischer
Impact
High
Products
Firefox, SeaMonkey
Fixed in
  • Firefox 2.0.0.15
  • Firefox 3
  • SeaMonkey 1.1.10

Description

Security researcher Gregory Fleischer reported a vulnerability in the way Mozilla indicates the origin of a document to the Java Embedding Plugin (JEP) that ships with Firefox on Mac OS X. This vulnerability could allow a malicious Java applet to bypass the same-origin policy and create arbitrary socket connections to other domains.

Workaround

Disable Java on Mac OS X until a version containing these fixes can be installed.

References

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started