JVN/CVE Demo: Cveinfos

CVE

Id: 30708
CVE No.: CVE-2008-0591
Status: Candidate
Description: Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 does not properly manage a delay timer used in confirmation dialogs, which might allow remote attackers to trick users into confirming an unsafe action, such as remote file execution, by using a timer to change the window focus, aka the "dialog refocus bug" or "ffclick2".
Phase: Assigned (20080205)
Votes: None (candidate not yet proposed)
Comments

Actions

Related CVE References

Id	CVE Id	CVE No.	Reference	Actions
326676	30708	CVE-2008-0591	BUGTRAQ:20070604 Assorted browser vulnerabilities	View
326677	30708	CVE-2008-0591	URL:http://www.securityfocus.com/archive/1/archive/1/470446/100/0/threaded	View
326678	30708	CVE-2008-0591	BUGTRAQ:20080229 rPSA-2008-0093-1 thunderbird	View
326679	30708	CVE-2008-0591	URL:http://www.securityfocus.com/archive/1/archive/1/488971/100/0/threaded	View
326680	30708	CVE-2008-0591	FULLDISC:20070604 Assorted browser vulnerabilities	View
326681	30708	CVE-2008-0591	URL:http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0026.html	View
326682	30708	CVE-2008-0591	BUGTRAQ:20080209 rPSA-2008-0051-1 firefox	View
326683	30708	CVE-2008-0591	URL:http://www.securityfocus.com/archive/1/archive/1/487826/100/0/threaded	View
326684	30708	CVE-2008-0591	BUGTRAQ:20080212 FLEA-2008-0001-1 firefox	View
326685	30708	CVE-2008-0591	URL:http://www.securityfocus.com/archive/1/archive/1/488002/100/0/threaded	View
326686	30708	CVE-2008-0591	CONFIRM:http://www.mozilla.org/security/announce/2008/mfsa2008-08.html	View
326687	30708	CVE-2008-0591	CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=376473	View
326688	30708	CVE-2008-0591	MISC:http://lcamtuf.coredump.cx/ffclick2/	View
326689	30708	CVE-2008-0591	CONFIRM:http://wiki.rpath.com/Advisories:rPSA-2008-0051	View
326690	30708	CVE-2008-0591	CONFIRM:http://browser.netscape.com/releasenotes/	View
326691	30708	CVE-2008-0591	CONFIRM:http://wiki.rpath.com/Advisories:rPSA-2008-0093	View
326692	30708	CVE-2008-0591	CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093	View
326693	30708	CVE-2008-0591	CONFIRM:https://issues.rpath.com/browse/RPL-1995	View
326694	30708	CVE-2008-0591	CONFIRM:http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html	View
326695	30708	CVE-2008-0591	DEBIAN:DSA-1484	View
326696	30708	CVE-2008-0591	URL:http://www.debian.org/security/2008/dsa-1484	View
326697	30708	CVE-2008-0591	DEBIAN:DSA-1485	View
326698	30708	CVE-2008-0591	URL:http://www.debian.org/security/2008/dsa-1485	View
326699	30708	CVE-2008-0591	DEBIAN:DSA-1489	View
326700	30708	CVE-2008-0591	URL:http://www.debian.org/security/2008/dsa-1489	View
326701	30708	CVE-2008-0591	DEBIAN:DSA-1506	View
326702	30708	CVE-2008-0591	URL:http://www.debian.org/security/2008/dsa-1506	View
326703	30708	CVE-2008-0591	FEDORA:FEDORA-2008-1435	View
326704	30708	CVE-2008-0591	URL:https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00274.html	View
326705	30708	CVE-2008-0591	FEDORA:FEDORA-2008-1459	View
326706	30708	CVE-2008-0591	URL:https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00309.html	View
326707	30708	CVE-2008-0591	FEDORA:FEDORA-2008-1535	View
326708	30708	CVE-2008-0591	URL:https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00381.html	View
326709	30708	CVE-2008-0591	FEDORA:FEDORA-2008-2060	View
326710	30708	CVE-2008-0591	URL:https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00905.html	View
326711	30708	CVE-2008-0591	FEDORA:FEDORA-2008-2118	View
326712	30708	CVE-2008-0591	URL:https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00946.html	View
326713	30708	CVE-2008-0591	GENTOO:GLSA-200805-18	View
326714	30708	CVE-2008-0591	URL:http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml	View
326715	30708	CVE-2008-0591	MANDRIVA:MDVSA-2008:048	View
326716	30708	CVE-2008-0591	URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:048	View
326717	30708	CVE-2008-0591	MANDRIVA:MDVSA-2008:062	View
326718	30708	CVE-2008-0591	URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:062	View
326719	30708	CVE-2008-0591	REDHAT:RHSA-2008:0103	View
326720	30708	CVE-2008-0591	URL:http://www.redhat.com/support/errata/RHSA-2008-0103.html	View
326721	30708	CVE-2008-0591	REDHAT:RHSA-2008:0104	View
326722	30708	CVE-2008-0591	URL:http://www.redhat.com/support/errata/RHSA-2008-0104.html	View
326723	30708	CVE-2008-0591	REDHAT:RHSA-2008:0105	View
326724	30708	CVE-2008-0591	URL:http://www.redhat.com/support/errata/RHSA-2008-0105.html	View
326725	30708	CVE-2008-0591	SUNALERT:238492	View
326726	30708	CVE-2008-0591	URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1	View
326727	30708	CVE-2008-0591	SUSE:SUSE-SA:2008:008	View
326728	30708	CVE-2008-0591	URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html	View
326729	30708	CVE-2008-0591	UBUNTU:USN-576-1	View
326730	30708	CVE-2008-0591	URL:http://www.ubuntu.com/usn/usn-576-1	View
326731	30708	CVE-2008-0591	BID:24293	View
326732	30708	CVE-2008-0591	URL:http://www.securityfocus.com/bid/24293	View
326733	30708	CVE-2008-0591	BID:27683	View
326734	30708	CVE-2008-0591	URL:http://www.securityfocus.com/bid/27683	View
326735	30708	CVE-2008-0591	OVAL:oval:org.mitre.oval:def:10900	View
326736	30708	CVE-2008-0591	URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10900	View
326737	30708	CVE-2008-0591	VUPEN:ADV-2008-0453	View
326738	30708	CVE-2008-0591	URL:http://www.vupen.com/english/advisories/2008/0453/references	View
326739	30708	CVE-2008-0591	VUPEN:ADV-2008-0454	View
326740	30708	CVE-2008-0591	URL:http://www.vupen.com/english/advisories/2008/0454/references	View
326741	30708	CVE-2008-0591	VUPEN:ADV-2008-0627	View
326742	30708	CVE-2008-0591	URL:http://www.vupen.com/english/advisories/2008/0627/references	View
326743	30708	CVE-2008-0591	VUPEN:ADV-2008-1793	View
326744	30708	CVE-2008-0591	URL:http://www.vupen.com/english/advisories/2008/1793/references	View
326745	30708	CVE-2008-0591	SECTRACK:1019339	View
326746	30708	CVE-2008-0591	URL:http://www.securitytracker.com/id?1019339	View
326747	30708	CVE-2008-0591	SECUNIA:28818	View
326748	30708	CVE-2008-0591	URL:http://secunia.com/advisories/28818	View
326749	30708	CVE-2008-0591	SECUNIA:28754	View
326750	30708	CVE-2008-0591	URL:http://secunia.com/advisories/28754	View
326751	30708	CVE-2008-0591	SECUNIA:28758	View
326752	30708	CVE-2008-0591	URL:http://secunia.com/advisories/28758	View
326753	30708	CVE-2008-0591	SECUNIA:28766	View
326754	30708	CVE-2008-0591	URL:http://secunia.com/advisories/28766	View
326755	30708	CVE-2008-0591	SECUNIA:28808	View
326756	30708	CVE-2008-0591	URL:http://secunia.com/advisories/28808	View
326757	30708	CVE-2008-0591	SECUNIA:28839	View
326758	30708	CVE-2008-0591	URL:http://secunia.com/advisories/28839	View
326759	30708	CVE-2008-0591	SECUNIA:28864	View
326760	30708	CVE-2008-0591	URL:http://secunia.com/advisories/28864	View
326761	30708	CVE-2008-0591	SECUNIA:28865	View
326762	30708	CVE-2008-0591	URL:http://secunia.com/advisories/28865	View
326763	30708	CVE-2008-0591	SECUNIA:28877	View
326764	30708	CVE-2008-0591	URL:http://secunia.com/advisories/28877	View
326765	30708	CVE-2008-0591	SECUNIA:28879	View
326766	30708	CVE-2008-0591	URL:http://secunia.com/advisories/28879	View
326767	30708	CVE-2008-0591	SECUNIA:28924	View
326768	30708	CVE-2008-0591	URL:http://secunia.com/advisories/28924	View
326769	30708	CVE-2008-0591	SECUNIA:28939	View
326770	30708	CVE-2008-0591	URL:http://secunia.com/advisories/28939	View
326771	30708	CVE-2008-0591	SECUNIA:28958	View
326772	30708	CVE-2008-0591	URL:http://secunia.com/advisories/28958	View
326773	30708	CVE-2008-0591	SECUNIA:29049	View
326774	30708	CVE-2008-0591	URL:http://secunia.com/advisories/29049	View
326775	30708	CVE-2008-0591	SECUNIA:29086	View
326776	30708	CVE-2008-0591	URL:http://secunia.com/advisories/29086	View
326777	30708	CVE-2008-0591	SECUNIA:29167	View
326778	30708	CVE-2008-0591	URL:http://secunia.com/advisories/29167	View
326779	30708	CVE-2008-0591	SECUNIA:29164	View
326780	30708	CVE-2008-0591	URL:http://secunia.com/advisories/29164	View
326781	30708	CVE-2008-0591	SECUNIA:29567	View
326782	30708	CVE-2008-0591	URL:http://secunia.com/advisories/29567	View
326783	30708	CVE-2008-0591	SECUNIA:30327	View
326784	30708	CVE-2008-0591	URL:http://secunia.com/advisories/30327	View
326785	30708	CVE-2008-0591	SECUNIA:30620	View
326786	30708	CVE-2008-0591	URL:http://secunia.com/advisories/30620	View
326787	30708	CVE-2008-0591	SREASON:2781	View

Related JVN

Id	JVN No.	Title	Summary	CVE No.	CVE Id	CVSS_v2	CVSS_v3	JVN URL	Actions
45838	JVNDB-2008-001148	D-Bus の dbus-daemon の特定のメソッド呼び出しにおけるアクセス制限回避の脆弱性	D-Bus の dbus-daemon には、特定のメソッド呼び出しにおいてセキュリティポリシーの適用に不備があり、send_interface 属性を認識してしまうために、アクセス制限を回避可能な脆弱性が存在します。	CVE-2008-0595	30708	7.2		http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001148.html	View

Message	Memory use
Component initialization	1.39 MB
Controller action start	1.49 MB
Controller render start	2.45 MB
View render complete	3.04 MB

Message	Time in ms	Graph
Core Processing (Derived from $_SERVER["REQUEST_TIME"])	2.96
Event: Controller.initialize	0.02
Event: Controller.startup	0.07
Controller action	508.75
Event: Controller.beforeRender	5.62
» Processing toolbar data	5.54
Rendering View	32.81
» Event: View.beforeRender	0.02
» Rendering APP/View/Cveinfos/view.ctp	31.56
» Event: View.afterRender	0.02
» Event: View.beforeLayout	0.02
» Rendering APP/View/Layouts/default.ctp	0.68
» » Rendering CORE/Cake/View/Elements/sql_dump.ctp	0.20
Event: View.afterLayout	0.00

Constant	Value
APP	/virtual/inogo77/public_html/jvn/app/
APP_DIR	app
APPLIBS	/virtual/inogo77/public_html/jvn/app/Lib/
CACHE	/virtual/inogo77/public_html/jvn/app/tmp/cache/
CAKE	/virtual/inogo77/public_html/jvn/lib/Cake/
CAKE_CORE_INCLUDE_PATH	/virtual/inogo77/public_html/jvn/lib
CORE_PATH	/virtual/inogo77/public_html/jvn/lib/
CAKE_VERSION	2.6.0
CSS	/virtual/inogo77/public_html/jvn/app/webroot/css/
CSS_URL	css/
DS	/
FULL_BASE_URL	http://inogo77.s500.xrea.com
IMAGES	/virtual/inogo77/public_html/jvn/app/webroot/img/
IMAGES_URL	img/
JS	/virtual/inogo77/public_html/jvn/app/webroot/js/
JS_URL	js/
LOGS	/virtual/inogo77/public_html/jvn/app/tmp/logs/
ROOT	/virtual/inogo77/public_html/jvn
TESTS	/virtual/inogo77/public_html/jvn/app/Test/
TMP	/virtual/inogo77/public_html/jvn/app/tmp/
VENDORS	/virtual/inogo77/public_html/jvn/vendors/
WEBROOT_DIR	webroot
WWW_ROOT	/virtual/inogo77/public_html/jvn/app/webroot/

Environment Variable	Value
Php Version	5.6.40
Phprc	php56.ini
Php Fcgi Children	1
Pwd	/virtual/inogo77/public_html/.fast-cgi-bin
Php Fcgi Max Requests	10000
Shlvl	0
Path	/usr/local/bin:/usr/bin:/bin
Script Name	/jvn/app/webroot/index.php
Request Uri	/jvn/cveinfos/view/30708
Query String
Request Method	GET
Server Protocol	HTTP/1.1
Gateway Interface	CGI/1.1
Redirect Url	/jvn/app/webroot/cveinfos/view/30708
Remote Port	56700
Script Filename	/virtual/inogo77/public_html/jvn/app/webroot/index.php
Server Admin	[no address given]
Context Document Root	/virtual/inogo77/public_html
Context Prefix
Request Scheme	http
Document Root	/virtual/inogo77/public_html
Remote Addr	216.73.216.154
Server Port	80
Server Addr	160.251.151.205
Server Name	inogo77.s500.xrea.com
Server Software	Apache
Server Signature
Http Connection	close
Http Cache Control	max-age=259200
Http X Forwarded For	10.1.14.45
Http Via	1.1 squid-proxy-5b5d847c96-mw4wx (squid/6.10)
Http Host	inogo77.s500.xrea.com
Http Accept Encoding	gzip, br, zstd, deflate
Http User Agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Http Accept	/
Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Suspectharddos	1
Suspectdos	1
X Dostranslated Ip	216.73.216.154
Mm Country Code	US
Mmdb Info	result found
Mmdb Addr	216.73.216.154
Unique Id	aJH9HgmtV2Vnj6E8Z2Vz-QAAAdY
Redirect Status	200
Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Suspectharddos	1
Redirect Suspectdos	1
Redirect X Dostranslated Ip	216.73.216.154
Redirect Mm Country Code	US
Redirect Mmdb Info	result found
Redirect Mmdb Addr	216.73.216.154
Redirect Unique Id	aJH9HgmtV2Vnj6E8Z2Vz-QAAAdY
Redirect Redirect Status	200
Redirect Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Redirect Suspectharddos	1
Redirect Redirect Suspectdos	1
Redirect Redirect X Dostranslated Ip	216.73.216.154
Redirect Redirect Mm Country Code	US
Redirect Redirect Mmdb Info	result found
Redirect Redirect Mmdb Addr	216.73.216.154
Redirect Redirect Unique Id	aJH9HgmtV2Vnj6E8Z2Vz-QAAAdY
Fcgi Role	RESPONDER
Php Self	/jvn/app/webroot/index.php
Request Time Float	1754397982.8678
Request Time	1754397982

CVE

Actions

Related CVE References

Related JVN

Request History

Session

Request

Cake Params

Post data

Query string

Cookie

Current Route

Sql Logs

default

Memory

Timers

Logs

View Variables

App Constants

CakePHP Constants

PHP Environment

Included Files

Include Paths

Included Files