4.3

CVE-2008-4582

EPSS 35.58%
Published 15.10.2008 20:08:02
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13, when running on Windows, do not properly identify the context of Windows .url shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via an HTML document that is directly accessible through a filesystem, as demonstrated by documents in (1) local folders, (2) Windows share folders, and (3) RAR archives, and as demonstrated by IFRAMEs referencing shortcuts that point to (a) about:cache?device=memory and (b) about:cache?device=disk, a variant of CVE-2008-2810.

Affected products Warnungen 0 Metrics 2 CWE 0 References 35

Data is provided by the National Vulnerability Database (NVD)

Debian ≫ Debian Linux Version4.0

Mozilla ≫ Firefox Version3.0.1

Microsoft ≫ Windows

Mozilla ≫ Firefox Version3.0.2

Microsoft ≫ Windows

Mozilla ≫ Firefox Version3.0.3

Microsoft ≫ Windows

Mozilla ≫ Firefox Version2.0

Microsoft ≫ Windows

Mozilla ≫ Firefox Version2.0.0.1

Microsoft ≫ Windows

Mozilla ≫ Firefox Version2.0.0.10

Microsoft ≫ Windows

Mozilla ≫ Firefox Version2.0.0.11

Microsoft ≫ Windows

Mozilla ≫ Firefox Version2.0.0.12

Microsoft ≫ Windows

Mozilla ≫ Firefox Version2.0.0.13

Microsoft ≫ Windows

Mozilla ≫ Firefox Version2.0.0.14

Microsoft ≫ Windows

Mozilla ≫ Firefox Version2.0.0.15

Microsoft ≫ Windows

Mozilla ≫ Firefox Version2.0.0.16

Microsoft ≫ Windows

Mozilla ≫ Firefox Version2.0.0.17

Microsoft ≫ Windows

Canonical ≫ Ubuntu Linux Version6.06 SwEditionlts

Canonical ≫ Ubuntu Linux Version7.10

Canonical ≫ Ubuntu Linux Version8.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version8.10

Mozilla ≫ Seamonkey Version1.0

Microsoft ≫ Windows

Mozilla ≫ Seamonkey Version1.0 Updatealpha

Microsoft ≫ Windows

Mozilla ≫ Seamonkey Version1.0 Updatebeta

Microsoft ≫ Windows

Mozilla ≫ Seamonkey Version1.0.1

Microsoft ≫ Windows

Mozilla ≫ Seamonkey Version1.0.2

Microsoft ≫ Windows

Mozilla ≫ Seamonkey Version1.0.3

Microsoft ≫ Windows

Mozilla ≫ Seamonkey Version1.0.4

Microsoft ≫ Windows

Mozilla ≫ Seamonkey Version1.0.5

Microsoft ≫ Windows

Mozilla ≫ Seamonkey Version1.0.6

Microsoft ≫ Windows

Mozilla ≫ Seamonkey Version1.0.7

Microsoft ≫ Windows

Mozilla ≫ Seamonkey Version1.0.8

Microsoft ≫ Windows

Mozilla ≫ Seamonkey Version1.0.9

Microsoft ≫ Windows

Mozilla ≫ Seamonkey Version1.1

Microsoft ≫ Windows

Mozilla ≫ Seamonkey Version1.1 Updatealpha

Microsoft ≫ Windows

Mozilla ≫ Seamonkey Version1.1 Updatebeta

Microsoft ≫ Windows

Mozilla ≫ Seamonkey Version1.1.1

Microsoft ≫ Windows

Mozilla ≫ Seamonkey Version1.1.2

Microsoft ≫ Windows

Mozilla ≫ Seamonkey Version1.1.3

Microsoft ≫ Windows

Mozilla ≫ Seamonkey Version1.1.4

Microsoft ≫ Windows

Mozilla ≫ Seamonkey Version1.1.5

Microsoft ≫ Windows

Mozilla ≫ Seamonkey Version1.1.6

Microsoft ≫ Windows

Mozilla ≫ Seamonkey Version1.1.7

Microsoft ≫ Windows

Mozilla ≫ Seamonkey Version1.1.8

Microsoft ≫ Windows

Mozilla ≫ Seamonkey Version1.1.9

Microsoft ≫ Windows

Mozilla ≫ Seamonkey Version1.1.10

Microsoft ≫ Windows

Mozilla ≫ Seamonkey Version1.1.11

Microsoft ≫ Windows

Mozilla ≫ Seamonkey Version1.1.12

Microsoft ≫ Windows

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	35.58%	0.967

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

http://secunia.com/advisories/33433

Third Party Advisory

Permissions Required

http://www.debian.org/security/2009/dsa-1697

Third Party Advisory

http://secunia.com/advisories/33434

Third Party Advisory

Permissions Required

http://www.debian.org/security/2009/dsa-1696

Third Party Advisory

http://secunia.com/advisories/34501

Third Party Advisory

Permissions Required

http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

Broken Link

http://www.vupen.com/english/advisories/2009/0977

Not Applicable

http://secunia.com/advisories/32845

Third Party Advisory

Permissions Required

http://www.debian.org/security/2008/dsa-1669

Third Party Advisory

http://liudieyu0.blog124.fc2.com/blog-entry-6.html

Broken Link

http://secunia.com/advisories/32192

Third Party Advisory

Permissions Required

http://secunia.com/advisories/32684

Third Party Advisory

Permissions Required

http://secunia.com/advisories/32693

Third Party Advisory

Permissions Required

http://secunia.com/advisories/32714

Third Party Advisory

Permissions Required

http://secunia.com/advisories/32721

Third Party Advisory

Permissions Required

http://secunia.com/advisories/32778

Third Party Advisory

Permissions Required

http://secunia.com/advisories/32853

Third Party Advisory

Permissions Required

http://securityreason.com/securityalert/4416

Third Party Advisory

http://securitytracker.com/alerts/2008/Nov/1021212.html

Third Party Advisory

VDB Entry

http://ubuntu.com/usn/usn-667-1

Third Party Advisory

http://www.debian.org/security/2008/dsa-1671

Third Party Advisory

http://www.mozilla.org/security/announce/2008/mfsa2008-47.html

Vendor Advisory

http://www.securityfocus.com/archive/1/497091/100/0/threaded

http://www.securityfocus.com/bid/31611

Third Party Advisory

VDB Entry

http://www.securityfocus.com/bid/31747

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id?1021190

Third Party Advisory

VDB Entry

http://www.us-cert.gov/cas/techalerts/TA08-319A.html

Third Party Advisory

US Government Resource

http://www.vupen.com/english/advisories/2008/2818

Not Applicable

https://bugzilla.mozilla.org/show_bug.cgi?id=455311

Issue Tracking

https://exchange.xforce.ibmcloud.com/vulnerabilities/45740

https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html

Not Applicable

https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html

Not Applicable

https://nvd.nist.gov/vuln/detail/CVE-2008-4582

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-4582

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-4582

EUVD