SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2008-4068

Date: (C)2008-09-24 (M)2024-02-09

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass "restrictions imposed on local HTML files," and obtain sensitive information and prompt users to write this information into a file, via directory traversal sequences in a resource: URI.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.8
Exploit Score: 10.0
Impact Score: 6.9

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: NONE
Availability: NONE

Reference:

SECTRACK-1020921

SUNALERT-256408

FEDORA-2008-8401

FEDORA-2008-8425

FEDORA-2008-8429

SSA:2008-269-01

SSA:2008-269-02

SSA:2008-270-01

SUSE-SA:2008:050

http://download.novell.com/Download?buildid=WZXONb-tqBw~

http://www.mozilla.org/security/announce/2008/mfsa2008-44.html

mozilla-resourceprotocol-info-disclosure(45360)

oval:org.mitre.oval:def:11471

cpe:/a:mozilla:thunderbird
cpe:/o:debian:debian_linux:4.0
cpe:/o:canonical:ubuntu_linux:6.06::~~lts~~~
cpe:/o:canonical:ubuntu_linux:7.04
...

oval:org.secpod.oval:def:301323
oval:org.secpod.oval:def:301362
oval:org.mitre.oval:def:7657
oval:org.secpod.oval:def:600503
...

© SecPod Technologies