Lucene search

[email protected]CVE-2008-4068

HistorySep 24, 2008 - 8:37 p.m.

CVE-2008-4068

2008-09-2420:37:00

CWE-22

[email protected]

web.nvd.nist.gov

mozilla

firefox

thunderbird

nvd

cve-2008-4068

directory traversal

vulnerability

security

8.9 High

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

0.003 Low

EPSS

Percentile

69.7%

JSON

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass “restrictions imposed on local HTML files,” and obtain sensitive information and prompt users to write this information into a file, via directory traversal sequences in a resource: URI.

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxlt2.0.0.17
mozilla:firefoxmozilla firefoxlt3.0.2
mozilla:seamonkeymozilla seamonkeylt1.1.12
mozilla:thunderbirdmozilla thunderbirdlt2.0.0.17
debian:debian_linuxdebian debian linuxeq4.0
canonical:ubuntu_linuxcanonical ubuntu linuxeq6.06
canonical:ubuntu_linuxcanonical ubuntu linuxeq7.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq7.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq8.04

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	lt	2.0.0.17
mozilla:firefox	mozilla firefox	lt	3.0.2
mozilla:seamonkey	mozilla seamonkey	lt	1.1.12
mozilla:thunderbird	mozilla thunderbird	lt	2.0.0.17
debian:debian_linux	debian debian linux	eq	4.0
canonical:ubuntu_linux	canonical ubuntu linux	eq	6.06
canonical:ubuntu_linux	canonical ubuntu linux	eq	7.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	7.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	8.04

References

download.novell.com/Download?buildid=WZXONb-tqBw~

lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html

secunia.com/advisories/31984

secunia.com/advisories/31985

secunia.com/advisories/31987

secunia.com/advisories/32007

secunia.com/advisories/32010

secunia.com/advisories/32011

secunia.com/advisories/32012

secunia.com/advisories/32025

secunia.com/advisories/32042

secunia.com/advisories/32044

secunia.com/advisories/32082

secunia.com/advisories/32089

secunia.com/advisories/32092

secunia.com/advisories/32095

secunia.com/advisories/32096

secunia.com/advisories/32144

secunia.com/advisories/32185

secunia.com/advisories/32196

secunia.com/advisories/32845

secunia.com/advisories/33433

secunia.com/advisories/33434

secunia.com/advisories/34501

slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422

slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232

slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123

sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

www.debian.org/security/2008/dsa-1649

www.debian.org/security/2008/dsa-1669

www.debian.org/security/2009/dsa-1696

www.debian.org/security/2009/dsa-1697

www.mandriva.com/security/advisories?name=MDVSA-2008:205

www.mandriva.com/security/advisories?name=MDVSA-2008:206

www.mozilla.org/security/announce/2008/mfsa2008-44.html

www.redhat.com/support/errata/RHSA-2008-0879.html

www.redhat.com/support/errata/RHSA-2008-0882.html

www.redhat.com/support/errata/RHSA-2008-0908.html

www.securityfocus.com/bid/31346

www.securitytracker.com/id?1020921

www.ubuntu.com/usn/usn-645-1

www.ubuntu.com/usn/usn-645-2

www.ubuntu.com/usn/usn-647-1

www.vupen.com/english/advisories/2008/2661

www.vupen.com/english/advisories/2009/0977

exchange.xforce.ibmcloud.com/vulnerabilities/45360

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11471

www.redhat.com/archives/fedora-package-announce/2008-September/msg01335.html

www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html

www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html

8.9 High

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

0.003 Low

EPSS

Percentile

69.7%

JSON

Related for CVE-2008-4068

ubuntucve1 prion1 veracode1 securityvulns1 mozilla1 fedora41 openvas111 nessus28 redhat3 oraclelinux3 centos4 ubuntu1 debian1 osv1 freebsd1