Lucene search

[email protected]CVE-2008-0417

HistoryFeb 08, 2008 - 10:00 p.m.

CVE-2008-0417

2008-02-0822:00:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2008-0417

crlf injection

mozilla firefox

web vulnerability

user-assisted

password store corruption

nvd

6.8 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.014 Low

EPSS

Percentile

86.2%

JSON

CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows remote user-assisted web sites to corrupt the user’s password store via newlines that are not properly handled when the user saves a password.

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxle2.0.0.11

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	le	2.0.0.11

References

browser.netscape.com/releasenotes/

lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html

secunia.com/advisories/28766

secunia.com/advisories/28818

secunia.com/advisories/28839

secunia.com/advisories/28864

secunia.com/advisories/28865

secunia.com/advisories/28877

secunia.com/advisories/28879

secunia.com/advisories/28924

secunia.com/advisories/28939

secunia.com/advisories/28958

secunia.com/advisories/29086

secunia.com/advisories/29567

secunia.com/advisories/30327

secunia.com/advisories/30620

sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1

support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html

wiki.rpath.com/Advisories:rPSA-2008-0051

www.debian.org/security/2008/dsa-1484

www.debian.org/security/2008/dsa-1485

www.debian.org/security/2008/dsa-1489

www.debian.org/security/2008/dsa-1506

www.gentoo.org/security/en/glsa/glsa-200805-18.xml

www.mandriva.com/security/advisories?name=MDVSA-2008:048

www.mozilla.org/security/announce/2008/mfsa2008-04.html

www.redhat.com/support/errata/RHSA-2008-0103.html

www.redhat.com/support/errata/RHSA-2008-0104.html

www.securityfocus.com/archive/1/487826/100/0/threaded

www.securityfocus.com/archive/1/488002/100/0/threaded

www.securityfocus.com/bid/27683

www.securitytracker.com/id?1019334

www.ubuntu.com/usn/usn-576-1

www.vupen.com/english/advisories/2008/0453/references

www.vupen.com/english/advisories/2008/0627/references

www.vupen.com/english/advisories/2008/1793/references

bugzilla.mozilla.org/show_bug.cgi?id=394610

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11154

www.redhat.com/archives/fedora-package-announce/2008-February/msg00274.html

www.redhat.com/archives/fedora-package-announce/2008-February/msg00309.html

www.redhat.com/archives/fedora-package-announce/2008-February/msg00381.html

6.8 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.014 Low

EPSS

Percentile

86.2%

JSON

Related for CVE-2008-0417

mozilla1 veracode1 prion1 ubuntucve1 securityvulns2 openvas112 nessus29 fedora32 seebug1 oraclelinux2 debian6 suse1 centos3 redhat2 freebsd1 osv3 ubuntu1