4.3

CVE-2008-4067

Exploit
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 on Linux allows remote attackers to read arbitrary files via a .. (dot dot) and URL-encoded / (slash) characters in a resource: URI.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version < 2.0.0.17
   LinuxLinux Kernel Version-
MozillaFirefox Version >= 3.0 < 3.0.2
   LinuxLinux Kernel Version-
MozillaSeamonkey Version < 1.1.12
   LinuxLinux Kernel Version-
MozillaThunderbird Version < 2.0.0.17
   LinuxLinux Kernel Version-
DebianDebian Linux Version4.0
CanonicalUbuntu Linux Version6.06 SwEditionlts
CanonicalUbuntu Linux Version7.04
CanonicalUbuntu Linux Version7.10
CanonicalUbuntu Linux Version8.04 SwEditionlts
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.44% 0.901
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

https://bugzilla.mozilla.org/show_bug.cgi?id=380994
Vendor Advisory
Exploit
Issue Tracking
http://secunia.com/advisories/33433
Third Party Advisory
http://www.debian.org/security/2009/dsa-1697
Third Party Advisory
http://secunia.com/advisories/33434
Third Party Advisory
http://www.debian.org/security/2009/dsa-1696
Third Party Advisory
http://secunia.com/advisories/34501
Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
Broken Link
http://www.vupen.com/english/advisories/2009/0977
Third Party Advisory
http://download.novell.com/Download?buildid=WZXONb-tqBw~
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html
Third Party Advisory
http://secunia.com/advisories/31984
Third Party Advisory
http://secunia.com/advisories/31985
Third Party Advisory
http://secunia.com/advisories/32010
Third Party Advisory
http://secunia.com/advisories/32012
Third Party Advisory
http://secunia.com/advisories/32042
Third Party Advisory
http://secunia.com/advisories/32044
Third Party Advisory
http://secunia.com/advisories/32082
Third Party Advisory
http://secunia.com/advisories/32092
Third Party Advisory
http://secunia.com/advisories/32144
Third Party Advisory
http://secunia.com/advisories/32185
Third Party Advisory
http://secunia.com/advisories/32196
Third Party Advisory
http://secunia.com/advisories/32845
Third Party Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422
Third Party Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232
Third Party Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123
Third Party Advisory
http://www.debian.org/security/2008/dsa-1649
Third Party Advisory
http://www.debian.org/security/2008/dsa-1669
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:205
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:206
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0882.html
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0908.html
Third Party Advisory
http://www.ubuntu.com/usn/usn-645-1
Third Party Advisory
http://www.ubuntu.com/usn/usn-645-2
Third Party Advisory
http://www.vupen.com/english/advisories/2008/2661
Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html
Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html
Third Party Advisory
http://secunia.com/advisories/32007
Third Party Advisory
http://secunia.com/advisories/32025
Third Party Advisory
http://www.securityfocus.com/bid/31346
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/usn-647-1
Third Party Advisory
http://secunia.com/advisories/31987
Third Party Advisory
http://secunia.com/advisories/32011
Third Party Advisory
http://secunia.com/advisories/32089
Third Party Advisory
http://secunia.com/advisories/32095
Third Party Advisory
http://secunia.com/advisories/32096
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0879.html
Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01335.html
Third Party Advisory
http://www.0x000000.com/?i=422
Third Party Advisory
http://www.mozilla.org/security/announce/2008/mfsa2008-44.html
Vendor Advisory
http://www.securitytracker.com/id?1020921
Third Party Advisory
VDB Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=394075
Vendor Advisory
Exploit
Issue Tracking
https://exchange.xforce.ibmcloud.com/vulnerabilities/45359
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10770
Third Party Advisory