Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename.
References
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2008-07-07 16:41
Updated : 2018-10-11 13:44
NVD link : CVE-2008-2808
Mitre link : CVE-2008-2808
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
redhat
- enterprise_linux_desktop
- enterprise_linux
- enterprise_linux_desktop_workstation
- advanced_workstation_for_the_itanium_processor
- desktop
- fedora
mozilla
- thunderbird
- firefox
- seamonkey
ubuntu
- ubuntu_linux