[Forgot Password]
Login  Register Subscribe

24437

 
 

131815

 
 

116564

 
 

909

 
 

91325

 
 

141

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2008-4068Date: (C)2008-09-24   (M)2018-06-02


Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass "restrictions imposed on local HTML files," and obtain sensitive information and prompt users to write this information into a file, via directory traversal sequences in a resource: URI.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.8
Exploit Score: 10.0
Impact Score: 6.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: NONE
Availability: NONE
  
Reference:
SECTRACK-1020921
SUNALERT-256408
BID-31346
SECUNIA-31984
SECUNIA-31985
SECUNIA-31987
SECUNIA-32007
SECUNIA-32010
SECUNIA-32011
SECUNIA-32012
SECUNIA-32025
SECUNIA-32042
SECUNIA-32044
SECUNIA-32082
SECUNIA-32089
SECUNIA-32092
SECUNIA-32095
SECUNIA-32096
SECUNIA-32144
SECUNIA-32185
SECUNIA-32196
SECUNIA-32845
SECUNIA-33433
SECUNIA-33434
SECUNIA-34501
ADV-2008-2661
ADV-2009-0977
DSA-1649
DSA-1669
DSA-1696
DSA-1697
FEDORA-2008-8401
FEDORA-2008-8425
FEDORA-2008-8429
MDVSA-2008:205
MDVSA-2008:206
RHSA-2008:0879
RHSA-2008:0882
RHSA-2008:0908
SSA:2008-269-01
SSA:2008-269-02
SSA:2008-270-01
SUSE-SA:2008:050
USN-645-1
USN-645-2
USN-647-1
http://download.novell.com/Download?buildid=WZXONb-tqBw~
http://www.mozilla.org/security/announce/2008/mfsa2008-44.html
mozilla-resourceprotocol-info-disclosure(45360)

CPE    122
cpe:/a:mozilla:thunderbird:2.0.0.14
cpe:/a:mozilla:thunderbird:2.0.0.15
cpe:/a:mozilla:thunderbird:2.0.0.16
cpe:/a:mozilla:thunderbird:2.0.0.11
...
CWE    1
CWE-22
OVAL    8
oval:org.secpod.oval:def:301362
oval:org.mitre.oval:def:7657
oval:org.secpod.oval:def:301323
oval:org.mitre.oval:def:7740
...

© SecPod Technologies