Lucene search

[email protected]NVD:CVE-2008-4582

HistoryOct 15, 2008 - 8:08 p.m.

CVE-2008-4582

2008-10-1520:08:02

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

5.9

Confidence

Low

EPSS

0.015

Percentile

87.1%

JSON

Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13, when running on Windows, do not properly identify the context of Windows .url shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via an HTML document that is directly accessible through a filesystem, as demonstrated by documents in (1) local folders, (2) Windows share folders, and (3) RAR archives, and as demonstrated by IFRAMEs referencing shortcuts that point to (a) about:cache?device=memory and (b) about:cache?device=disk, a variant of CVE-2008-2810.

Affected configurations

Nvd

Node

debiandebian_linuxMatch4.0

Node

mozillafirefoxMatch3.0.1

mozillafirefoxMatch3.0.2

mozillafirefoxMatch3.0.3

AND

microsoftwindows

Node

mozillafirefoxMatch2.0

mozillafirefoxMatch2.0.0.1

mozillafirefoxMatch2.0.0.10

mozillafirefoxMatch2.0.0.11

mozillafirefoxMatch2.0.0.12

mozillafirefoxMatch2.0.0.13

mozillafirefoxMatch2.0.0.14

mozillafirefoxMatch2.0.0.15

mozillafirefoxMatch2.0.0.16

mozillafirefoxMatch2.0.0.17

AND

microsoftwindows

Node

canonicalubuntu_linuxMatch6.06lts

canonicalubuntu_linuxMatch7.10

canonicalubuntu_linuxMatch8.04lts

canonicalubuntu_linuxMatch8.10

Node

mozillaseamonkeyMatch1.0

mozillaseamonkeyMatch1.0alpha

mozillaseamonkeyMatch1.0beta

mozillaseamonkeyMatch1.0.1

mozillaseamonkeyMatch1.0.2

mozillaseamonkeyMatch1.0.3

mozillaseamonkeyMatch1.0.4

mozillaseamonkeyMatch1.0.5

mozillaseamonkeyMatch1.0.6

mozillaseamonkeyMatch1.0.7

mozillaseamonkeyMatch1.0.8

mozillaseamonkeyMatch1.0.9

mozillaseamonkeyMatch1.1

mozillaseamonkeyMatch1.1alpha

mozillaseamonkeyMatch1.1beta

mozillaseamonkeyMatch1.1.1

mozillaseamonkeyMatch1.1.2

mozillaseamonkeyMatch1.1.3

mozillaseamonkeyMatch1.1.4

mozillaseamonkeyMatch1.1.5

mozillaseamonkeyMatch1.1.6

mozillaseamonkeyMatch1.1.7

mozillaseamonkeyMatch1.1.8

mozillaseamonkeyMatch1.1.9

mozillaseamonkeyMatch1.1.10

mozillaseamonkeyMatch1.1.11

mozillaseamonkeyMatch1.1.12

AND

microsoftwindows

References

liudieyu0.blog124.fc2.com/blog-entry-6.html

secunia.com/advisories/32192

secunia.com/advisories/32684

secunia.com/advisories/32693

secunia.com/advisories/32714

secunia.com/advisories/32721

secunia.com/advisories/32778

secunia.com/advisories/32845

secunia.com/advisories/32853

secunia.com/advisories/33433

secunia.com/advisories/33434

secunia.com/advisories/34501

securityreason.com/securityalert/4416

securitytracker.com/alerts/2008/Nov/1021212.html

sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

ubuntu.com/usn/usn-667-1

www.debian.org/security/2008/dsa-1669

www.debian.org/security/2008/dsa-1671

www.debian.org/security/2009/dsa-1696

www.debian.org/security/2009/dsa-1697

www.mozilla.org/security/announce/2008/mfsa2008-47.html

www.securityfocus.com/archive/1/497091/100/0/threaded

www.securityfocus.com/bid/31611

www.securityfocus.com/bid/31747

www.securitytracker.com/id?1021190

www.us-cert.gov/cas/techalerts/TA08-319A.html

www.vupen.com/english/advisories/2008/2818

www.vupen.com/english/advisories/2009/0977

bugzilla.mozilla.org/show_bug.cgi?id=455311

exchange.xforce.ibmcloud.com/vulnerabilities/45740

www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html

www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

5.9

Confidence

Low

EPSS

0.015

Percentile

87.1%

JSON

Related for NVD:CVE-2008-4582

cve3 ubuntucve3 cvelist3 prion3 openvas100 securityvulns3 veracode1 seebug1 mozilla2 nvd2 debian1 nessus17 osv1 fedora49 oraclelinux3 redhat3 centos4