fkie_cve-2008-2808
Vulnerability from fkie_nvd
Published
2008-07-07 23:41
Modified
2024-11-21 00:47
Severity ?
Summary
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename.
References
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2008-0616.html
secalert@redhat.comhttp://secunia.com/advisories/30878
secalert@redhat.comhttp://secunia.com/advisories/30898
secalert@redhat.comhttp://secunia.com/advisories/30903
secalert@redhat.comhttp://secunia.com/advisories/30911Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/30949
secalert@redhat.comhttp://secunia.com/advisories/31005
secalert@redhat.comhttp://secunia.com/advisories/31008
secalert@redhat.comhttp://secunia.com/advisories/31021
secalert@redhat.comhttp://secunia.com/advisories/31023
secalert@redhat.comhttp://secunia.com/advisories/31069
secalert@redhat.comhttp://secunia.com/advisories/31076
secalert@redhat.comhttp://secunia.com/advisories/31183
secalert@redhat.comhttp://secunia.com/advisories/31195
secalert@redhat.comhttp://secunia.com/advisories/31377
secalert@redhat.comhttp://secunia.com/advisories/33433
secalert@redhat.comhttp://secunia.com/advisories/34501
secalert@redhat.comhttp://security.gentoo.org/glsa/glsa-200808-03.xml
secalert@redhat.comhttp://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152
secalert@redhat.comhttp://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911
secalert@redhat.comhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
secalert@redhat.comhttp://wiki.rpath.com/Advisories:rPSA-2008-0216
secalert@redhat.comhttp://www.debian.org/security/2008/dsa-1607
secalert@redhat.comhttp://www.debian.org/security/2008/dsa-1615
secalert@redhat.comhttp://www.debian.org/security/2009/dsa-1697
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2008:136
secalert@redhat.comhttp://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15
secalert@redhat.comhttp://www.mozilla.org/security/announce/2008/mfsa2008-30.html
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2008-0547.html
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2008-0549.html
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2008-0569.html
secalert@redhat.comhttp://www.securityfocus.com/archive/1/494080/100/0/threaded
secalert@redhat.comhttp://www.securityfocus.com/bid/30038
secalert@redhat.comhttp://www.securitytracker.com/id?1020419
secalert@redhat.comhttp://www.ubuntu.com/usn/usn-619-1
secalert@redhat.comhttp://www.vupen.com/english/advisories/2008/1993/references
secalert@redhat.comhttp://www.vupen.com/english/advisories/2009/0977
secalert@redhat.comhttps://bugzilla.mozilla.org/show_bug.cgi?id=411433
secalert@redhat.comhttps://issues.rpath.com/browse/RPL-2646
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9668
secalert@redhat.comhttps://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html
secalert@redhat.comhttps://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html
secalert@redhat.comhttps://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2008-0616.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30878
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30898
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30903
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30911Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30949
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31005
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31008
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31021
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31023
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31069
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31076
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31183
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31195
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31377
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/33433
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34501
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200808-03.xml
af854a3a-2127-422b-91ae-364da2661108http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152
af854a3a-2127-422b-91ae-364da2661108http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
af854a3a-2127-422b-91ae-364da2661108http://wiki.rpath.com/Advisories:rPSA-2008-0216
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2008/dsa-1607
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2008/dsa-1615
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2009/dsa-1697
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2008:136
af854a3a-2127-422b-91ae-364da2661108http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15
af854a3a-2127-422b-91ae-364da2661108http://www.mozilla.org/security/announce/2008/mfsa2008-30.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2008-0547.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2008-0549.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2008-0569.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/494080/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/30038
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1020419
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/usn-619-1
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/1993/references
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/0977
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=411433
af854a3a-2127-422b-91ae-364da2661108https://issues.rpath.com/browse/RPL-2646
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9668
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html
Impacted products
Vendor Product Version
redhat advanced_workstation_for_the_itanium_processor 2.1
redhat desktop 3.0
redhat desktop 4.0
redhat enterprise_linux 5_server
redhat enterprise_linux as_2.1
redhat enterprise_linux as_3
redhat enterprise_linux as_4
redhat enterprise_linux es_2.1
redhat enterprise_linux es_3
redhat enterprise_linux es_4
redhat enterprise_linux ws_2.1
redhat enterprise_linux ws_3
redhat enterprise_linux ws_4
redhat enterprise_linux_desktop 5_client
redhat enterprise_linux_desktop_workstation 5_client
redhat fedora 8
ubuntu ubuntu_linux 6.06
ubuntu ubuntu_linux 6.06
ubuntu ubuntu_linux 6.06
ubuntu ubuntu_linux 6.06
ubuntu ubuntu_linux 7.04
ubuntu ubuntu_linux 7.04
ubuntu ubuntu_linux 7.04
ubuntu ubuntu_linux 7.04
ubuntu ubuntu_linux 7.10
ubuntu ubuntu_linux 7.10
ubuntu ubuntu_linux 7.10
ubuntu ubuntu_linux 7.10
ubuntu ubuntu_linux 7.10
mozilla firefox 2.0
mozilla firefox 2.0
mozilla firefox 2.0
mozilla firefox 2.0
mozilla firefox 2.0.0.2
mozilla firefox 2.0.0.3
mozilla firefox 2.0.0.11
mozilla firefox 2.0.0.12
mozilla firefox 2.0.0.13
mozilla firefox 2.0.0.14
mozilla firefox 2.0_.1
mozilla firefox 2.0_.4
mozilla firefox 2.0_.5
mozilla firefox 2.0_.6
mozilla firefox 2.0_.9
mozilla firefox 2.0_.10
mozilla firefox 2.0_8
mozilla seamonkey 1.1
mozilla seamonkey 1.1.1
mozilla seamonkey 1.1.2
mozilla seamonkey 1.1.3
mozilla seamonkey 1.1.4
mozilla seamonkey 1.1.5
mozilla seamonkey 1.1.6
mozilla seamonkey 1.1.7
mozilla seamonkey 1.1.8
mozilla seamonkey 1.1.9
mozilla thunderbird 2.0_.4
mozilla thunderbird 2.0_.5
mozilla thunderbird 2.0_.6
mozilla thunderbird 2.0_.9
mozilla thunderbird 2.0_.12
mozilla thunderbird 2.0_.13
mozilla thunderbird 2.0_.14
mozilla thunderbird 2.0_8


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:advanced_workstation_for_the_itanium_processor:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D34CFC7-5112-45FA-A550-07C1174819CE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:desktop:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C8CB34E-02FE-4F90-9642-B56D3B3ACEF6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:desktop:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AB2579A-2BC9-4E16-9641-248222301660",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:5_server:*:*:*:*:*:*:*",
              "matchCriteriaId": "4089D3E3-C845-46F4-B4FC-8556D025704E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:as_2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF3EAB41-5B36-4D27-B319-17687D89868E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:as_3:*:*:*:*:*:*:*",
              "matchCriteriaId": "421C0021-66EB-4F4C-9D79-6366A4702CC9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:as_4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23BD8DF-6E8E-4DF2-A700-8E050D967547",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:es_2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "627D828A-A35B-4072-AFBA-1D26C68506F6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:es_3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B0FE33D-756C-449F-B54C-8677C9AD002D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:es_4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BF1F027-C9FF-4583-AB40-E0B757F9EE41",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:ws_2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DB10F52-FF81-4297-A4D3-D3298273D894",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:ws_3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EA8914F-DB6D-4C21-A727-8B94BE0424BF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:ws_4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B18EBE6E-482D-435D-851C-73EC301F0A26",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5_client:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C1E0CDD-78D0-4156-8572-6D430EF5499E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop_workstation:5_client:*:*:*:*:*:*:*",
              "matchCriteriaId": "043A85D0-7F3E-4EC9-9065-3F996B9A0A94",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:fedora:8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8E8256F-3FB6-45B2-8F03-02A61C10FAF0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.06:*:lts_amd64:*:*:*:*:*",
              "matchCriteriaId": "3107F20F-386F-4BF0-814F-4D7CAF0A2CBA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.06:*:lts_i386:*:*:*:*:*",
              "matchCriteriaId": "C027333C-8364-407A-B6D6-7B328C384632",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.06:*:lts_powerpc:*:*:*:*:*",
              "matchCriteriaId": "B608D1D1-F05D-4F1B-BDED-A47EEC0E37FE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.06:*:lts_sparc:*:*:*:*:*",
              "matchCriteriaId": "64E79B04-2A84-4A5D-90F3-D4F02FDBA09D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:7.04:*:amd64:*:*:*:*:*",
              "matchCriteriaId": "7BD79C43-2615-47DE-A100-D21482D866F4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:7.04:*:i386:*:*:*:*:*",
              "matchCriteriaId": "1856594D-7D84-4830-A8A7-2C9D4C2D61FD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:7.04:*:powerpc:*:*:*:*:*",
              "matchCriteriaId": "0B20DDF0-2FAB-4EB0-B62D-2351514B2808",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:7.04:*:sparc:*:*:*:*:*",
              "matchCriteriaId": "B7748895-CE00-4BB8-BFCD-A5559BA15869",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:amd64:*:*:*:*:*",
              "matchCriteriaId": "FB928CC9-0BC3-4AE1-B20B-A58A4C4AAE24",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:i386:*:*:*:*:*",
              "matchCriteriaId": "BB850565-A800-44A6-945E-CB235531C5DD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:lpia:*:*:*:*:*",
              "matchCriteriaId": "A1BB8BDA-3F7A-408F-97FC-CBE422A09CCA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:powerpc:*:*:*:*:*",
              "matchCriteriaId": "3F37A796-E028-4247-A5E6-66B89A583F87",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:sparc:*:*:*:*:*",
              "matchCriteriaId": "61DA44B7-FE1A-4452-843E-EAF1404B86F3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3487FA64-BE04-42CA-861E-3DAC097D7D32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "F61EA4A1-1916-48A5-8196-E3CDEF3108F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F5AA254D-D41E-464F-9E2A-A950F08C6946",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "B05D2655-6641-42BE-9793-30005AC9D40D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "57E2C7E7-56C0-466C-BB08-5EB43922C4F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "462E135A-5616-46CC-A9C0-5A7A0526ACC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E391619-0967-43E1-8CBC-4D54F72A85C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "0544D626-E269-4677-9B05-7DAB23BD103B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "C95F7B2C-80FC-4DF2-9680-F74634DCE3E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "863C140E-DC15-4A88-AB8A-8AEF9F4B8164",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0_.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "23D609B2-F66C-40F1-B7D9-965189F875A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0_.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "327D8879-0B61-4681-886D-C53BE251E0ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0_.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59017F18-6C4E-4803-8A65-DB2A849C3197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0_.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF006282-943B-4885-B523-6E575D664059",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0_.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CC11707-DF87-4046-964D-40CF22385A48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0_.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F73F1171-E34D-4AC0-BF8B-3DB38AA13EF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0_8:*:*:*:*:*:*:*",
              "matchCriteriaId": "0422C796-ECC4-42C1-9580-1CE22A096244",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*",
              "matchCriteriaId": "D58B704B-F06E-44C1-BBD1-A090D1E6583A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "40270FBD-744A-49D9-9FFA-1DCD897210D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "20E01097-F60A-4FB2-BA47-84A267EE87D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F65732F-317B-49A2-B9B0-FA1102B8B45C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB430F19-069A-43FD-9097-586D4449D327",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "76AD0439-3BFB-4AD1-8E2C-99D0B099FA8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E6D7528-E591-48A6-8165-BE42F8EBF6B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA710423-0075-44B8-9DCB-6380FA974486",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5521DA3-E6AF-4350-B971-10B4A1C9B1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDD15752-A253-47B1-BCE0-B55B84B47C9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:2.0_.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "63AF48A9-C161-4603-82F0-5D2DE1EBA498",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:2.0_.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "821E46E8-B084-4762-86F0-002CA288B522",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:2.0_.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A084C258-7D78-4F6D-8E24-00BE9608EBFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:2.0_.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "893FD2C8-C8EF-4ED3-9B7C-82D8DA9A1C38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:2.0_.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9FEA455-E605-4CE3-A951-760D59091C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:2.0_.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1758117-4865-42A4-8110-2250924E21FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:2.0_.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "81AF4BFB-EC89-454B-89DF-FC8F6102E28C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:2.0_8:*:*:*:*:*:*:*",
              "matchCriteriaId": "8013986B-DCAF-44A1-BA63-5BBA6762720F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename."
    },
    {
      "lang": "es",
      "value": "Mozilla Firefox anterior a 2.0.0.15 y SeaMonkey anterior a 1.1.10 no escapan correctamente el HTML en listados de directorios file:// URLs, lo que permite a atacantes remotos llevar a cabo ataques de secuencias de comandos en sitios cruzados (XSS) o tener otros impactos no especificados mediante un nombre de archivo modificado."
    }
  ],
  "id": "CVE-2008-2808",
  "lastModified": "2024-11-21T00:47:45.277",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-07-07T23:41:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2008-0616.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/30878"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/30898"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/30903"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30911"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/30949"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/31005"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/31008"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/31021"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/31023"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/31069"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/31076"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/31183"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/31195"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/31377"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/33433"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/34501"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-200808-03.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.383152"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.384911"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0216"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2008/dsa-1607"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2008/dsa-1615"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2009/dsa-1697"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:136"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-30.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0547.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0549.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0569.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/494080/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/30038"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1020419"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/usn-619-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2008/1993/references"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2009/0977"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=411433"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://issues.rpath.com/browse/RPL-2646"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9668"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2008-0616.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30878"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30898"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30903"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30911"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30949"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31005"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31008"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31021"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31023"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31069"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31076"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31183"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31195"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31377"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/33433"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34501"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200808-03.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.383152"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.384911"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0216"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2008/dsa-1607"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2008/dsa-1615"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2009/dsa-1697"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:136"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-30.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0547.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0549.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0569.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/494080/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/30038"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1020419"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-619-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1993/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/0977"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=411433"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.rpath.com/browse/RPL-2646"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9668"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.