CVE Vulnerability

CVE-2008-4582

Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13, when running on Windows, do not properly identify the context of Windows .url shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via an HTML document that is directly accessible through a filesystem, as demonstrated by documents in (1) local folders, (2) Windows share folders, and (3) RAR archives, and as demonstrated by IFRAMEs referencing shortcuts that point to (a) about:cache?device=memory and (b) about:cache?device=disk, a variant of CVE-2008-2810.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

References
Link Resource
http://secunia.com/advisories/32192 Permissions Required Third Party Advisory
http://liudieyu0.blog124.fc2.com/blog-entry-6.html Broken Link
http://www.securityfocus.com/bid/31747 Third Party Advisory VDB Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=455311 Issue Tracking
http://www.mozilla.org/security/announce/2008/mfsa2008-47.html Vendor Advisory
http://secunia.com/advisories/32721 Permissions Required Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html Not Applicable
http://www.us-cert.gov/cas/techalerts/TA08-319A.html Third Party Advisory US Government Resource
http://secunia.com/advisories/32845 Permissions Required Third Party Advisory
http://www.debian.org/security/2008/dsa-1669 Third Party Advisory
http://secunia.com/advisories/32693 Permissions Required Third Party Advisory
http://secunia.com/advisories/32714 Permissions Required Third Party Advisory
http://www.debian.org/security/2008/dsa-1671 Third Party Advisory
http://www.securityfocus.com/bid/31611 Third Party Advisory VDB Entry
http://securitytracker.com/alerts/2008/Nov/1021212.html Third Party Advisory VDB Entry
http://secunia.com/advisories/33433 Permissions Required Third Party Advisory
http://www.debian.org/security/2009/dsa-1697 Third Party Advisory
http://securityreason.com/securityalert/4416 Third Party Advisory
http://www.debian.org/security/2009/dsa-1696 Third Party Advisory
http://secunia.com/advisories/33434 Permissions Required Third Party Advisory
http://secunia.com/advisories/34501 Permissions Required Third Party Advisory
http://www.vupen.com/english/advisories/2009/0977 Not Applicable
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 Broken Link
http://www.securitytracker.com/id?1021190 Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2008/2818 Not Applicable
http://secunia.com/advisories/32684 Permissions Required Third Party Advisory
http://ubuntu.com/usn/usn-667-1 Third Party Advisory
http://secunia.com/advisories/32853 Permissions Required Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html Not Applicable
http://secunia.com/advisories/32778 Permissions Required Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/45740
http://www.securityfocus.com/archive/1/497091/100/0/threaded
Configurations

Configuration 1

cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
Information

Published : 2008-10-15 08:08

Updated : 2018-10-30 04:25

NVD link : CVE-2008-4582

Mitre link : CVE-2008-4582

Products Affected
No products.
CWE
CWE-264