[Forgot Password]
Login  Register Subscribe

24003

 
 

131573

 
 

108530

 
 

909

 
 

85343

 
 

134

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2008-4068Date: (C)2008-09-24   (M)2018-06-02


Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass "restrictions imposed on local HTML files," and obtain sensitive information and prompt users to write this information into a file, via directory traversal sequences in a resource: URI.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : CVSS Score : 7.8
Exploit Score: Exploit Score: 10.0
Impact Score: Impact Score: 6.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: Access Vector: NETWORK
Attack Complexity: Access Complexity: LOW
Privileges Required: Authentication: NONE
User Interaction: Confidentiality: COMPLETE
Scope: Integrity: NONE
Confidentiality: Availability: NONE
Integrity:  
Availability:  
  
Reference:
SECTRACK-1020921
SUNALERT-256408
BID-31346
SECUNIA-31984
SECUNIA-31985
SECUNIA-31987
SECUNIA-32007
SECUNIA-32010
SECUNIA-32011
SECUNIA-32012
SECUNIA-32025
SECUNIA-32042
SECUNIA-32044
SECUNIA-32082
SECUNIA-32089
SECUNIA-32092
SECUNIA-32095
SECUNIA-32096
SECUNIA-32144
SECUNIA-32185
SECUNIA-32196
SECUNIA-32845
SECUNIA-33433
SECUNIA-33434
SECUNIA-34501
ADV-2008-2661
ADV-2009-0977
DSA-1649
DSA-1669
DSA-1696
DSA-1697
FEDORA-2008-8401
FEDORA-2008-8425
FEDORA-2008-8429
MDVSA-2008:205
MDVSA-2008:206
RHSA-2008:0879
RHSA-2008:0882
RHSA-2008:0908
SSA:2008-269-01
SSA:2008-269-02
SSA:2008-270-01
SUSE-SA:2008:050
USN-645-1
USN-645-2
USN-647-1
http://download.novell.com/Download?buildid=WZXONb-tqBw~
http://www.mozilla.org/security/announce/2008/mfsa2008-44.html
mozilla-resourceprotocol-info-disclosure(45360)

CPE    122
cpe:/a:mozilla:seamonkey
cpe:/a:mozilla:seamonkey:1.0.1
cpe:/a:mozilla:seamonkey:1.0.2
cpe:/a:mozilla:seamonkey:1.0.5
...
CWE    1
CWE-22
OVAL    8
oval:org.mitre.oval:def:8021
oval:org.secpod.oval:def:600264
oval:org.mitre.oval:def:7950
oval:org.mitre.oval:def:7657
...

© SecPod Technologies