4.3

CVE-2008-4067

Exploit

EPSS 1.72%
Published 24.09.2008 20:37:04
Last modified 09.04.2025 00:30:58
Source secalert@redhat.com
Teams watchlist Login
Open Login

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 on Linux allows remote attackers to read arbitrary files via a .. (dot dot) and URL-encoded / (slash) characters in a resource: URI.

Affected products Warnungen 0 Metrics 2 CWE 1 References 56

Data is provided by the National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version < 2.0.0.17

Linux ≫ Linux Kernel Version-

Mozilla ≫ Firefox Version >= 3.0 < 3.0.2

Linux ≫ Linux Kernel Version-

Mozilla ≫ Seamonkey Version < 1.1.12

Linux ≫ Linux Kernel Version-

Mozilla ≫ Thunderbird Version < 2.0.0.17

Linux ≫ Linux Kernel Version-

Debian ≫ Debian Linux Version4.0

Canonical ≫ Ubuntu Linux Version6.06 SwEditionlts

Canonical ≫ Ubuntu Linux Version7.04

Canonical ≫ Ubuntu Linux Version7.10

Canonical ≫ Ubuntu Linux Version8.04 SwEditionlts

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.72%	0.817

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

https://bugzilla.mozilla.org/show_bug.cgi?id=380994

Vendor Advisory

Exploit

Issue Tracking

http://secunia.com/advisories/33433

Third Party Advisory

http://www.debian.org/security/2009/dsa-1697

Third Party Advisory

http://secunia.com/advisories/33434

Third Party Advisory

http://www.debian.org/security/2009/dsa-1696

Third Party Advisory

http://secunia.com/advisories/34501

Third Party Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

Broken Link

http://www.vupen.com/english/advisories/2009/0977

Third Party Advisory

http://download.novell.com/Download?buildid=WZXONb-tqBw~

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html

Third Party Advisory

http://secunia.com/advisories/31984

Third Party Advisory

http://secunia.com/advisories/31985

Third Party Advisory

http://secunia.com/advisories/32010

Third Party Advisory

http://secunia.com/advisories/32012

Third Party Advisory

http://secunia.com/advisories/32042

Third Party Advisory

http://secunia.com/advisories/32044

Third Party Advisory

http://secunia.com/advisories/32082

Third Party Advisory

http://secunia.com/advisories/32092

Third Party Advisory

http://secunia.com/advisories/32144

Third Party Advisory

http://secunia.com/advisories/32185

Third Party Advisory

http://secunia.com/advisories/32196

Third Party Advisory

http://secunia.com/advisories/32845

Third Party Advisory

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422

Third Party Advisory

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232

Third Party Advisory

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123

Third Party Advisory

http://www.debian.org/security/2008/dsa-1649

Third Party Advisory

http://www.debian.org/security/2008/dsa-1669

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2008:205

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2008:206

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2008-0882.html

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2008-0908.html

Third Party Advisory

http://www.ubuntu.com/usn/usn-645-1

Third Party Advisory

http://www.ubuntu.com/usn/usn-645-2

Third Party Advisory

http://www.vupen.com/english/advisories/2008/2661

Third Party Advisory

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html

Third Party Advisory

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html

Third Party Advisory

http://secunia.com/advisories/32007

Third Party Advisory

http://secunia.com/advisories/32025

Third Party Advisory

http://www.securityfocus.com/bid/31346

Third Party Advisory

VDB Entry

http://www.ubuntu.com/usn/usn-647-1

Third Party Advisory

http://secunia.com/advisories/31987

Third Party Advisory

http://secunia.com/advisories/32011

Third Party Advisory

http://secunia.com/advisories/32089

Third Party Advisory

http://secunia.com/advisories/32095

Third Party Advisory

http://secunia.com/advisories/32096

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2008-0879.html

Third Party Advisory

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01335.html

Third Party Advisory

http://www.0x000000.com/?i=422

Third Party Advisory

http://www.mozilla.org/security/announce/2008/mfsa2008-44.html

Vendor Advisory

http://www.securitytracker.com/id?1020921

Third Party Advisory

VDB Entry

https://bugzilla.mozilla.org/show_bug.cgi?id=394075

Vendor Advisory

Exploit

Issue Tracking

https://exchange.xforce.ibmcloud.com/vulnerabilities/45359

Third Party Advisory

VDB Entry

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10770

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2008-4067

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-4067

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-4067

EUVD