7.8

CVE-2008-4068

EPSS 0.19%
Published 24.09.2008 20:37:04
Last modified 09.04.2025 00:30:58
Source secalert@redhat.com
Teams watchlist Login
Open Login

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass "restrictions imposed on local HTML files," and obtain sensitive information and prompt users to write this information into a file, via directory traversal sequences in a resource: URI.

Affected products Warnungen 0 Metrics 2 CWE 1 References 53

Data is provided by the National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version < 2.0.0.17

Mozilla ≫ Firefox Version >= 3.0 < 3.0.2

Mozilla ≫ Seamonkey Version < 1.1.12

Mozilla ≫ Thunderbird Version < 2.0.0.17

Debian ≫ Debian Linux Version4.0

Canonical ≫ Ubuntu Linux Version6.06 SwEditionlts

Canonical ≫ Ubuntu Linux Version7.04

Canonical ≫ Ubuntu Linux Version7.10

Canonical ≫ Ubuntu Linux Version8.04 SwEditionlts

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.19%	0.408

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:C/I:N/A:N

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

http://secunia.com/advisories/33433

Third Party Advisory

http://www.debian.org/security/2009/dsa-1697

Third Party Advisory

http://secunia.com/advisories/33434

Third Party Advisory

http://www.debian.org/security/2009/dsa-1696

Third Party Advisory

http://secunia.com/advisories/34501

Third Party Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

Broken Link

http://www.vupen.com/english/advisories/2009/0977

Third Party Advisory

http://download.novell.com/Download?buildid=WZXONb-tqBw~

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html

Third Party Advisory

http://secunia.com/advisories/31984

Third Party Advisory

http://secunia.com/advisories/31985

Third Party Advisory

http://secunia.com/advisories/32010

Third Party Advisory

http://secunia.com/advisories/32012

Third Party Advisory

http://secunia.com/advisories/32042

Third Party Advisory

http://secunia.com/advisories/32044

Third Party Advisory

http://secunia.com/advisories/32082

Third Party Advisory

http://secunia.com/advisories/32092

Third Party Advisory

http://secunia.com/advisories/32144

Third Party Advisory

http://secunia.com/advisories/32185

Third Party Advisory

http://secunia.com/advisories/32196

Third Party Advisory

http://secunia.com/advisories/32845

Third Party Advisory

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422

Third Party Advisory

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232

Third Party Advisory

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123

Third Party Advisory

http://www.debian.org/security/2008/dsa-1649

Third Party Advisory

http://www.debian.org/security/2008/dsa-1669

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2008:205

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2008:206

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2008-0882.html

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2008-0908.html

Third Party Advisory

http://www.ubuntu.com/usn/usn-645-1

Third Party Advisory

http://www.ubuntu.com/usn/usn-645-2

Third Party Advisory

http://www.vupen.com/english/advisories/2008/2661

Third Party Advisory

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html

Third Party Advisory

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html

Third Party Advisory

http://secunia.com/advisories/32007

Third Party Advisory

http://secunia.com/advisories/32025

Third Party Advisory

http://www.securityfocus.com/bid/31346

Third Party Advisory

VDB Entry

http://www.ubuntu.com/usn/usn-647-1

Third Party Advisory

http://secunia.com/advisories/31987

Third Party Advisory

http://secunia.com/advisories/32011

Third Party Advisory

http://secunia.com/advisories/32089

Third Party Advisory

http://secunia.com/advisories/32095

Third Party Advisory

http://secunia.com/advisories/32096

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2008-0879.html

Third Party Advisory

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01335.html

Third Party Advisory

http://www.mozilla.org/security/announce/2008/mfsa2008-44.html

Vendor Advisory

http://www.securitytracker.com/id?1020921

Third Party Advisory

VDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/45360

Third Party Advisory

VDB Entry

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11471

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2008-4068

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-4068

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-4068

EUVD