[Forgot Password]
Login  Register Subscribe

23631

 
 

115084

 
 

97147

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2008-4068

Date: (C)2008-09-24   (M)2017-11-18 


Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass "restrictions imposed on local HTML files," and obtain sensitive information and prompt users to write this information into a file, via directory traversal sequences in a resource: URI.

CVSS Score: 7.8Access Vector: NETWORK
Exploit Score: 10.0Access Complexity: LOW
Impact Score: 6.9Authentication: NONE
 Confidentiality: COMPLETE
 Integrity: NONE
 Availability: NONE





Reference:
SECTRACK-1020921
SUNALERT-256408
BID-31346
SECUNIA-31984
SECUNIA-31985
SECUNIA-31987
SECUNIA-32007
SECUNIA-32010
SECUNIA-32011
SECUNIA-32012
SECUNIA-32025
SECUNIA-32042
SECUNIA-32044
SECUNIA-32082
SECUNIA-32089
SECUNIA-32092
SECUNIA-32095
SECUNIA-32096
SECUNIA-32144
SECUNIA-32185
SECUNIA-32196
SECUNIA-32845
SECUNIA-33433
SECUNIA-33434
SECUNIA-34501
ADV-2008-2661
ADV-2009-0977
DSA-1649
DSA-1669
DSA-1696
DSA-1697
FEDORA-2008-8401
FEDORA-2008-8425
FEDORA-2008-8429
MDVSA-2008:205
MDVSA-2008:206
RHSA-2008:0879
RHSA-2008:0882
RHSA-2008:0908
SSA:2008-269-01
SSA:2008-269-02
SSA:2008-270-01
SUSE-SA:2008:050
USN-645-1
USN-645-2
USN-647-1
http://download.novell.com/Download?buildid=WZXONb-tqBw~
http://www.mozilla.org/security/announce/2008/mfsa2008-44.html
mozilla-resourceprotocol-info-disclosure(45360)

CPE    122
cpe:/a:mozilla:thunderbird
cpe:/a:mozilla:thunderbird:2.0.0.14
cpe:/a:mozilla:thunderbird:2.0.0.15
cpe:/a:mozilla:thunderbird:2.0.0.16
...
CWE    1
CWE-22
OVAL    8
oval:org.secpod.oval:def:301362
oval:org.secpod.oval:def:301323
oval:org.mitre.oval:def:8021
oval:org.mitre.oval:def:7950
...

© 2013 SecPod Technologies