2.6

CVE-2008-2933

Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' (pipe) characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely handled by a vector application, as exploited in conjunction with CVE-2008-2540.  NOTE: this issue exists because of an insufficient fix for CVE-2005-2267.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version <= 2.0.0.15
MozillaFirefox Version0.8
MozillaFirefox Version0.9
MozillaFirefox Version0.9.1
MozillaFirefox Version0.9.2
MozillaFirefox Version0.9.3
MozillaFirefox Version0.10
MozillaFirefox Version0.10.1
MozillaFirefox Version1.0
MozillaFirefox Version1.0.1
MozillaFirefox Version1.0.2
MozillaFirefox Version1.0.3
MozillaFirefox Version1.0.4
MozillaFirefox Version1.0.5
MozillaFirefox Version1.0.6
MozillaFirefox Version1.0.7
MozillaFirefox Version1.0.8
MozillaFirefox Version1.5
MozillaFirefox Version1.5.0.1
MozillaFirefox Version1.5.0.2
MozillaFirefox Version1.5.0.3
MozillaFirefox Version1.5.0.4
MozillaFirefox Version1.5.0.5
MozillaFirefox Version1.5.0.6
MozillaFirefox Version1.5.0.7
MozillaFirefox Version1.5.0.8
MozillaFirefox Version1.5.0.9
MozillaFirefox Version1.5.0.10
MozillaFirefox Version1.5.0.11
MozillaFirefox Version1.5.0.12
MozillaFirefox Version1.5.1
MozillaFirefox Version1.5.2
MozillaFirefox Version1.5.3
MozillaFirefox Version1.5.4
MozillaFirefox Version1.5.5
MozillaFirefox Version1.5.6
MozillaFirefox Version1.5.7
MozillaFirefox Version1.5.8
MozillaFirefox Version1.8
MozillaFirefox Version2.0
MozillaFirefox Version2.0.0.1
MozillaFirefox Version2.0.0.2
MozillaFirefox Version2.0.0.3
MozillaFirefox Version2.0.0.4
MozillaFirefox Version2.0.0.5
MozillaFirefox Version2.0.0.6
MozillaFirefox Version2.0.0.7
MozillaFirefox Version2.0.0.8
MozillaFirefox Version2.0.0.9
MozillaFirefox Version2.0.0.10
MozillaFirefox Version2.0.0.11
MozillaFirefox Version2.0.0.12
MozillaFirefox Version2.0.0.13
MozillaFirefox Version2.0.0.14
MozillaFirefox Version2.0_.1
MozillaFirefox Version2.0_.4
MozillaFirefox Version2.0_.5
MozillaFirefox Version2.0_.6
MozillaFirefox Version2.0_.7
MozillaFirefox Version2.0_.9
MozillaFirefox Version2.0_.10
MozillaFirefox Version2.0_8
MozillaFirefox Version3.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.75% 0.843
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.6 4.9 2.9
AV:N/AC:H/Au:N/C:P/I:N/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/33433
http://www.debian.org/security/2009/dsa-1697
http://secunia.com/advisories/31377
http://security.gentoo.org/glsa/glsa-200808-03.xml
http://secunia.com/advisories/31121
http://secunia.com/advisories/31129
http://secunia.com/advisories/31145
http://secunia.com/advisories/31157
http://secunia.com/advisories/31176
http://secunia.com/advisories/31183
http://secunia.com/advisories/31261
http://secunia.com/advisories/31270
http://secunia.com/advisories/31306
http://secunia.com/advisories/34501
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0238
http://www.debian.org/security/2008/dsa-1614
http://www.debian.org/security/2008/dsa-1615
http://www.mandriva.com/security/advisories?name=MDVSA-2008:148
http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5031400
http://www.redhat.com/support/errata/RHSA-2008-0597.html
http://www.redhat.com/support/errata/RHSA-2008-0598.html
http://www.securityfocus.com/archive/1/494860/100/0/threaded
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.380974
http://www.ubuntu.com/usn/usn-623-1
http://www.ubuntu.com/usn/usn-626-1
http://www.ubuntu.com/usn/usn-626-2
http://www.vupen.com/english/advisories/2009/0977
https://issues.rpath.com/browse/RPL-2683
http://secunia.com/advisories/31106
http://secunia.com/advisories/31120
http://www.kb.cert.org/vuls/id/130923
US Government Resource
http://www.mozilla.org/security/announce/2008/mfsa2008-35.html
http://www.securityfocus.com/bid/30242
http://www.securitytracker.com/id?1020500
https://bugzilla.mozilla.org/show_bug.cgi?id=441120
https://exchange.xforce.ibmcloud.com/vulnerabilities/43832
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11618