Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mozillaMozilla FoundationMFSA2008-02
HistoryFeb 07, 2008 - 12:00 a.m.

Multiple file input focus stealing vulnerabilities — Mozilla

2008-02-0700:00:00
Mozilla Foundation
www.mozilla.org
13

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.013 Low

EPSS

Percentile

85.8%

JSON

Security researchers hong and Gregory Fleischer each reported a variant on earlier reported bugs regarding focus shifting in file input controls. Their variants used file input controls nested inside tags to take advantage of automatic focus shifting into the file input field noted on the Hacker WebZine. As with the earlier reported issues this issue could be used to force a user to upload arbitrary files assuming the attacker knows the full path and name of the file.

CPENameOperatorVersion
firefoxlt2.0.0.12
seamonkeylt1.1.8

Related

securityvulns 2
prion 1
ubuntucve 1
cve 1
nessus 27
redhat 1
oraclelinux 1
centos 2
openvas 46
fedora 32
seebug 1
debian 6
suse 1
freebsd 1
osv 3
ubuntu 1
gentoo 1
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2008-02
2008-02-10 00:00:00
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulonerabilities
2008-02-11 00:00:00
prion
prion
Spoofing
2008-02-08 22:00:00
ubuntucve
ubuntucve
CVE-2008-0414
2008-02-08 00:00:00
cve
cve
CVE-2008-0414
2008-02-08 22:00:00
nessus
nessus
openSUSE 10 Security Update : epiphany (epiphany-5102)
2008-03-19 00:00:00
CentOS 3 / 4 : seamonkey (CESA-2008:0208)
2008-03-28 00:00:00
RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2008:0208)
2008-03-28 00:00:00
redhat
redhat
(RHSA-2008:0208) Critical: seamonkey security update
2008-03-27 00:00:00
oraclelinux
oraclelinux
seamonkey security update
2008-03-28 00:00:00
centos
centos
seamonkey security update
2008-03-28 04:51:58
seamonkey security update
2008-03-28 11:28:19
openvas
openvas
Fedora Update for seamonkey FEDORA-2008-1459
2009-02-16 00:00:00
Fedora Update for seamonkey FEDORA-2008-1669
2009-02-16 00:00:00
Fedora Update for gtkmozembedmm FEDORA-2008-1535
2009-02-16 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: seamonkey-1.1.8-1.fc8
2008-02-13 04:53:43
[SECURITY] Fedora 7 Update: seamonkey-1.1.8-1.fc7
2008-02-13 15:10:50
[SECURITY] Fedora 7 Update: epiphany-extensions-2.18.3-7
2008-02-13 04:51:06
seebug
seebug
Mozilla Thunderbird/Seamonkey/Firefox 2.0.0.12修复多个安全漏洞
2008-02-22 00:00:00
debian
debian
[SECURITY] [DSA 1506-2] New iceape packages fix regression
2008-03-20 01:41:06
[SECURITY] [DSA 1506-1] New iceape packages fix several vulnerabilities
2008-02-24 12:30:41
[SECURITY] [DSA 1484-1] New xulrunner packages fix several vulnerabilities
2008-02-10 20:23:48
suse
suse
remote code execution in MozillaFirefox,seamonkey
2008-02-15 17:07:07
freebsd
freebsd
mozilla -- multiple vulnerabilities
2008-02-07 00:00:00
osv
osv
iceweasel - several vulnerabilities
2008-02-10 00:00:00
xulrunner - several vulnerabilities
2008-02-10 00:00:00
iceape - several vulnerabilities
2008-02-24 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2008-02-08 00:00:00
gentoo
gentoo
Mozilla products: Multiple vulnerabilities
2008-05-20 00:00:00

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.013 Low

EPSS

Percentile

85.8%

JSON
Related for MFSA2008-02
securityvulns2prion1ubuntucve1cve1nessus27redhat1oraclelinux1centos2openvas46fedora32seebug1debian6suse1freebsd1osv3ubuntu1gentoo1