cpe:/a:mozilla:firefox:0.8 cpe:/a:mozilla:firefox:0.9 cpe:/a:mozilla:firefox:0.9.1 cpe:/a:mozilla:firefox:0.9.2 cpe:/a:mozilla:firefox:0.9.3 cpe:/a:mozilla:firefox:0.10 cpe:/a:mozilla:firefox:0.10.1 cpe:/a:mozilla:firefox:1.0 cpe:/a:mozilla:firefox:1.0.1 cpe:/a:mozilla:firefox:1.0.2 cpe:/a:mozilla:firefox:1.0.3 cpe:/a:mozilla:firefox:1.0.4 cpe:/a:mozilla:firefox:1.0.5 cpe:/a:mozilla:firefox:1.0.6 cpe:/a:mozilla:firefox:1.0.7 cpe:/a:mozilla:firefox:1.0.8 cpe:/a:mozilla:firefox:1.5 cpe:/a:mozilla:firefox:1.5.0.1 cpe:/a:mozilla:firefox:1.5.0.2 cpe:/a:mozilla:firefox:1.5.0.3 cpe:/a:mozilla:firefox:1.5.0.4 cpe:/a:mozilla:firefox:1.5.0.5 cpe:/a:mozilla:firefox:1.5.0.6 cpe:/a:mozilla:firefox:1.5.0.7 cpe:/a:mozilla:firefox:1.5.0.8 cpe:/a:mozilla:firefox:1.5.0.9 cpe:/a:mozilla:firefox:1.5.0.10 cpe:/a:mozilla:firefox:1.5.0.11 cpe:/a:mozilla:firefox:1.5.0.12 cpe:/a:mozilla:firefox:1.5.1 cpe:/a:mozilla:firefox:1.5.2 cpe:/a:mozilla:firefox:1.5.3 cpe:/a:mozilla:firefox:1.5.4 cpe:/a:mozilla:firefox:1.5.5 cpe:/a:mozilla:firefox:1.5.6 cpe:/a:mozilla:firefox:1.5.7 cpe:/a:mozilla:firefox:1.5.8 cpe:/a:mozilla:firefox:1.8 cpe:/a:mozilla:firefox:2.0 cpe:/a:mozilla:firefox:2.0.0.1 cpe:/a:mozilla:firefox:2.0.0.2 cpe:/a:mozilla:firefox:2.0.0.3 cpe:/a:mozilla:firefox:2.0.0.4 cpe:/a:mozilla:firefox:2.0.0.5 cpe:/a:mozilla:firefox:2.0.0.6 cpe:/a:mozilla:firefox:2.0.0.7 cpe:/a:mozilla:firefox:2.0.0.8 cpe:/a:mozilla:firefox:2.0.0.9 cpe:/a:mozilla:firefox:2.0.0.10 cpe:/a:mozilla:firefox:2.0.0.11 cpe:/a:mozilla:firefox:2.0.0.12 cpe:/a:mozilla:firefox:2.0.0.13 cpe:/a:mozilla:firefox:2.0.0.14 cpe:/a:mozilla:firefox:2.0.0.15 cpe:/a:mozilla:firefox:2.0_.1 cpe:/a:mozilla:firefox:2.0_.4 cpe:/a:mozilla:firefox:2.0_.5 cpe:/a:mozilla:firefox:2.0_.6 cpe:/a:mozilla:firefox:2.0_.7 cpe:/a:mozilla:firefox:2.0_.9 cpe:/a:mozilla:firefox:2.0_.10 cpe:/a:mozilla:firefox:2.0_8 cpe:/a:mozilla:firefox:3.0 CVE-2008-2933 2008-07-17T09:41:00.000-04:00 2017-09-28T21:31:25.477-04:00 2.6 NETWORK HIGH NONE PARTIAL NONE NONE http://nvd.nist.gov 2008-07-17T11:20:00.000-04:00 SECTRACK 1020500 BUGTRAQ 20080729 rPSA-2008-0238-1 firefox SUNALERT 256408 BID 30242 SECUNIA 31106 SECUNIA 31120 SECUNIA 31121 SECUNIA 31129 SECUNIA 31145 SECUNIA 31157 SECUNIA 31176 SECUNIA 31183 SECUNIA 31261 SECUNIA 31270 SECUNIA 31306 SECUNIA 31377 SECUNIA 33433 SECUNIA 34501 VUPEN ADV-2009-0977 DEBIAN DSA-1614 DEBIAN DSA-1615 DEBIAN DSA-1697 GENTOO GLSA-200808-03 MANDRIVA MDVSA-2008:148 REDHAT RHSA-2008:0597 REDHAT RHSA-2008:0598 SLACKWARE SSA:2008-198-01 UBUNTU USN-623-1 UBUNTU USN-626-1 UBUNTU USN-626-2 CERT-VN VU#130923 XF firefox-commandline-uri-security-bypass(43832) CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0238 CONFIRM http://www.mozilla.org/security/announce/2008/mfsa2008-35.html CONFIRM http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5031400 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=441120 CONFIRM https://issues.rpath.com/browse/RPL-2683 Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' (pipe) characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely handled by a vector application, as exploited in conjunction with CVE-2008-2540. NOTE: this issue exists because of an insufficient fix for CVE-2005-2267.