5.9 Medium
AI Score
Confidence
Low
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:C/I:N/A:N
0.003 Low
EPSS
Percentile
69.2%
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass “restrictions imposed on local HTML files,” and obtain sensitive information and prompt users to write this information into a file, via directory traversal sequences in a resource: URI.
CPE | Name | Operator | Version |
---|---|---|---|
ubuntu_linux | eq | 6.06 | |
ubuntu_linux | eq | 7.04 | |
ubuntu_linux | eq | 7.10 | |
ubuntu_linux | eq | 8.04 | |
debian_linux | eq | 4.0 | |
firefox | lt | 2.0.0.17 | |
firefox | ge | 3.0 | |
firefox | lt | 3.0.2 | |
seamonkey | lt | 1.1.12 | |
thunderbird | lt | 2.0.0.17 |
download.novell.com/Download?buildid=WZXONb-tqBw~
lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html
secunia.com/advisories/31984
secunia.com/advisories/31985
secunia.com/advisories/31987
secunia.com/advisories/32007
secunia.com/advisories/32010
secunia.com/advisories/32011
secunia.com/advisories/32012
secunia.com/advisories/32025
secunia.com/advisories/32042
secunia.com/advisories/32044
secunia.com/advisories/32082
secunia.com/advisories/32089
secunia.com/advisories/32092
secunia.com/advisories/32095
secunia.com/advisories/32096
secunia.com/advisories/32144
secunia.com/advisories/32185
secunia.com/advisories/32196
secunia.com/advisories/32845
secunia.com/advisories/33433
secunia.com/advisories/33434
secunia.com/advisories/34501
slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422
slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232
slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123
sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
www.debian.org/security/2008/dsa-1649
www.debian.org/security/2008/dsa-1669
www.debian.org/security/2009/dsa-1696
www.debian.org/security/2009/dsa-1697
www.mandriva.com/security/advisories?name=MDVSA-2008:205
www.mandriva.com/security/advisories?name=MDVSA-2008:206
www.mozilla.org/security/announce/2008/mfsa2008-44.html
www.redhat.com/support/errata/RHSA-2008-0879.html
www.redhat.com/support/errata/RHSA-2008-0882.html
www.redhat.com/support/errata/RHSA-2008-0908.html
www.securityfocus.com/bid/31346
www.securitytracker.com/id?1020921
www.ubuntu.com/usn/usn-645-1
www.ubuntu.com/usn/usn-645-2
www.ubuntu.com/usn/usn-647-1
www.vupen.com/english/advisories/2008/2661
www.vupen.com/english/advisories/2009/0977
exchange.xforce.ibmcloud.com/vulnerabilities/45360
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11471
www.redhat.com/archives/fedora-package-announce/2008-September/msg01335.html
www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html
www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html