4.3

CVE-2008-0418

EPSS 38.66%
Veröffentlicht 08.02.2008 22:00:00
Zuletzt bearbeitet 23.04.2026 00:35:47
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 70

NVD 3 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version <= 2.0.0.11

Mozilla ≫ Seamonkey Version <= 1.1.7

Mozilla ≫ Thunderbird Version <= 2.0.0.11

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	38.66%	0.969

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

http://secunia.com/advisories/30327

http://secunia.com/advisories/30620

http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1

http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml

http://www.vupen.com/english/advisories/2008/1793/references

http://browser.netscape.com/releasenotes/

http://secunia.com/advisories/29164

http://wiki.rpath.com/Advisories:rPSA-2008-0093

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093

http://www.securityfocus.com/archive/1/488002/100/0/threaded

http://www.securityfocus.com/archive/1/488971/100/0/threaded

https://issues.rpath.com/browse/RPL-1995

http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html

http://secunia.com/advisories/28754

http://secunia.com/advisories/28766

http://secunia.com/advisories/28808

http://secunia.com/advisories/28815

http://secunia.com/advisories/28818

http://secunia.com/advisories/28839

http://secunia.com/advisories/28864

http://secunia.com/advisories/28865

http://secunia.com/advisories/28877

http://secunia.com/advisories/28879

http://secunia.com/advisories/28924

http://secunia.com/advisories/28939

http://secunia.com/advisories/28958

http://secunia.com/advisories/29049

http://secunia.com/advisories/29086

http://secunia.com/advisories/29098

http://secunia.com/advisories/29167

http://secunia.com/advisories/29211

http://secunia.com/advisories/29567

http://secunia.com/advisories/31043

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.445399

http://sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1

http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html

http://wiki.rpath.com/Advisories:rPSA-2008-0051

http://www.debian.org/security/2008/dsa-1484

http://www.debian.org/security/2008/dsa-1485

http://www.debian.org/security/2008/dsa-1489

http://www.debian.org/security/2008/dsa-1506

http://www.mandriva.com/security/advisories?name=MDVSA-2008:048

http://www.mandriva.com/security/advisories?name=MDVSA-2008:062

http://www.redhat.com/support/errata/RHSA-2008-0103.html

http://www.redhat.com/support/errata/RHSA-2008-0104.html

http://www.redhat.com/support/errata/RHSA-2008-0105.html

http://www.securityfocus.com/archive/1/487826/100/0/threaded

http://www.ubuntu.com/usn/usn-576-1

http://www.ubuntu.com/usn/usn-582-1

http://www.ubuntu.com/usn/usn-582-2

http://www.vupen.com/english/advisories/2008/0453/references

http://www.vupen.com/english/advisories/2008/0454/references

http://www.vupen.com/english/advisories/2008/0627/references

http://www.vupen.com/english/advisories/2008/2091/references

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00274.html

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00309.html

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00381.html

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00905.html

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00946.html

http://secunia.com/advisories/28622/

http://www.hiredhacker.com/2008/01/19/firefox-chrome-url-handling-directory-traversal/

http://www.kb.cert.org/vuls/id/309608

US Government Resource

http://www.mozilla.org/security/announce/2008/mfsa2008-05.html

http://www.securityfocus.com/bid/27406

http://www.securitytracker.com/id?1019329

http://www.vupen.com/english/advisories/2008/0263

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10705

https://nvd.nist.gov/vuln/detail/CVE-2008-0418

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-0418

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-0418

EUVD