SeaMonkey '.lnk' Files Information Disclosure Vulnerability

http://www.securityfocus.com/bid/53799

Security Info

Bugtraq ID:	53799
Class:	Design Error
CVE:	CVE-2012-1945
Remote:	Yes
Local:	No
Published:	Jun 05 2012 12:00AM
Updated:	Jun 07 2012 01:20PM
Credit:	Paul Stone
Vulnerable:	Ubuntu Ubuntu Linux 12.04 LTS i386 Ubuntu Ubuntu Linux 12.04 LTS amd64 Ubuntu Ubuntu Linux 11.10 i386 Ubuntu Ubuntu Linux 11.10 amd64 Ubuntu Ubuntu Linux 11.04 powerpc Ubuntu Ubuntu Linux 11.04 i386 Ubuntu Ubuntu Linux 11.04 ARM Ubuntu Ubuntu Linux 11.04 amd64 Ubuntu Ubuntu Linux 10.04 sparc Ubuntu Ubuntu Linux 10.04 powerpc Ubuntu Ubuntu Linux 10.04 i386 Ubuntu Ubuntu Linux 10.04 ARM Ubuntu Ubuntu Linux 10.04 amd64 RedHat Enterprise Linux Optional Productivity Application 5 server RedHat Enterprise Linux Desktop Workstation 5 client Red Hat Enterprise Linux Workstation Optional 6 Red Hat Enterprise Linux Workstation 6 Red Hat Enterprise Linux Server Optional 6 Red Hat Enterprise Linux Server 6 Red Hat Enterprise Linux HPC Node Optional 6 Red Hat Enterprise Linux Desktop Optional 6 Red Hat Enterprise Linux Desktop 6 Red Hat Enterprise Linux Desktop 5 client Red Hat Enterprise Linux 5 Server Mozilla Thunderbird ESR 10.0.4 Mozilla Thunderbird ESR 10.0.3 Mozilla Thunderbird ESR 10.0.2 Mozilla Thunderbird 9.0 Mozilla Thunderbird 8.0 Mozilla Thunderbird 7.0.1 Mozilla Thunderbird 7.0 Mozilla Thunderbird 6.0.2 Mozilla Thunderbird 6.0.1 Mozilla Thunderbird 6.0 Mozilla Thunderbird 6 Mozilla Thunderbird 6 Mozilla Thunderbird 12.0 Mozilla Thunderbird 11.0 Mozilla Thunderbird 10.0.2 Mozilla Thunderbird 10.0.1 Mozilla Thunderbird 10.0 Mozilla Thunderbird 10.0 Mozilla Thunderbird 10.0 Mozilla SeaMonkey 2.9 Mozilla SeaMonkey 2.8 Mozilla SeaMonkey 2.7.2 Mozilla SeaMonkey 2.7.1 Mozilla SeaMonkey 2.7 Mozilla SeaMonkey 2.6 Mozilla SeaMonkey 2.5 Mozilla SeaMonkey 2.4 Mozilla SeaMonkey 2.3 Mozilla SeaMonkey 2.2 Mozilla SeaMonkey 2.2 Mozilla SeaMonkey 2.1b2 Mozilla SeaMonkey 2.1 Alpha3 Mozilla SeaMonkey 2.1 Alpha2 Mozilla SeaMonkey 2.1 Alpha1 Mozilla SeaMonkey 2.1 Mozilla Firefox ESR 10.0.4 Mozilla Firefox ESR 10.0.3 Mozilla Firefox ESR 10.0.2 Mozilla Firefox 9.0.1 Mozilla Firefox 9.0 Mozilla Firefox 8.0.1 Mozilla Firefox 8.0 Mozilla Firefox 7.0.1 Mozilla Firefox 7.0 Mozilla Firefox 7 Mozilla Firefox 12.0 Mozilla Firefox 11.0 Mozilla Firefox 10.0.2 Mozilla Firefox 10.0.1 Mozilla Firefox 10.0 Mozilla Firefox 10.0 Mozilla Firefox 10

Not Vulnerable:	Mozilla Thunderbird ESR 10.0.5 Mozilla Thunderbird 13.0 Mozilla SeaMonkey 2.10 Mozilla Firefox ESR 10.0.5 Mozilla Firefox 13.0

Security Discussion

Mozilla Firefox, SeaMonkey, and Thunderbird are prone to an information-disclosure vulnerability.

An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content.

Successful exploits will allow attackers to gain access to arbitrary files and directories through '.lnk' files on Windows Share. Information obtained may aid in further attacks.

Proof of Concept and Security Exploits

An attacker can exploit this issue by enticing an unsuspecting victim to view a malicious webpage.

Security Solution(s)

Solution:
Updates are available. Please see the references for more information.

Security References(s)

References:

Mozilla Firefox Homepage (Mozilla)
Mozilla Homepage (Mozilla Foundation)
SeaMonkey Homepage (Mozilla)
Thunderbird Homepage (Mozilla)
Information disclosure though Windows file shares and shortcut files (Mozilla)

Emagined Security Blog featuring Dr. Eugene Schultz

Secure Web Programming
by Vizual Services