CVE-2008-4068

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.mozilla.org/security/announce/2008/mfsa2008-44.html", "name": "http://www.mozilla.org/security/announce/2008/mfsa2008-44.html", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232", "name": "SSA:2008-269-01", "tags": ["Third Party Advisory"], "refsource": "SLACKWARE"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:205", "name": "MDVSA-2008:205", "tags": ["Third Party Advisory"], "refsource": "MANDRIVA"}, {"url": "http://secunia.com/advisories/32042", "name": "32042", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.ubuntu.com/usn/usn-647-1", "name": "USN-647-1", "tags": ["Third Party Advisory"], "refsource": "UBUNTU"}, {"url": "http://secunia.com/advisories/32092", "name": "32092", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0908.html", "name": "RHSA-2008:0908", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://secunia.com/advisories/32025", "name": "32025", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422", "name": "SSA:2008-269-02", "tags": ["Third Party Advisory"], "refsource": "SLACKWARE"}, {"url": "http://download.novell.com/Download?buildid=WZXONb-tqBw~", "name": "http://download.novell.com/Download?buildid=WZXONb-tqBw~", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html", "name": "FEDORA-2008-8429", "tags": ["Third Party Advisory"], "refsource": "FEDORA"}, {"url": "http://secunia.com/advisories/32089", "name": "32089", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/32082", "name": "32082", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123", "name": "SSA:2008-270-01", "tags": ["Third Party Advisory"], "refsource": "SLACKWARE"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html", "name": "FEDORA-2008-8401", "tags": ["Third Party Advisory"], "refsource": "FEDORA"}, {"url": "http://secunia.com/advisories/32144", "name": "32144", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/32044", "name": "32044", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html", "name": "SUSE-SA:2008:050", "tags": ["Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://secunia.com/advisories/32095", "name": "32095", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/32096", "name": "32096", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01335.html", "name": "FEDORA-2008-8425", "tags": ["Third Party Advisory"], "refsource": "FEDORA"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:206", "name": "MDVSA-2008:206", "tags": ["Third Party Advisory"], "refsource": "MANDRIVA"}, {"url": "http://secunia.com/advisories/32845", "name": "32845", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.debian.org/security/2008/dsa-1669", "name": "DSA-1669", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0879.html", "name": "RHSA-2008:0879", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0882.html", "name": "RHSA-2008:0882", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://www.ubuntu.com/usn/usn-645-2", "name": "USN-645-2", "tags": ["Third Party Advisory"], "refsource": "UBUNTU"}, {"url": "http://www.securitytracker.com/id?1020921", "name": "1020921", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/31987", "name": "31987", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/32012", "name": "32012", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/31984", "name": "31984", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/31985", "name": "31985", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/31346", "name": "31346", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/32010", "name": "32010", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/32011", "name": "32011", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.ubuntu.com/usn/usn-645-1", "name": "USN-645-1", "tags": ["Third Party Advisory"], "refsource": "UBUNTU"}, {"url": "http://secunia.com/advisories/32007", "name": "32007", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.debian.org/security/2009/dsa-1697", "name": "DSA-1697", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "http://secunia.com/advisories/33433", "name": "33433", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/33434", "name": "33434", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.debian.org/security/2009/dsa-1696", "name": "DSA-1696", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "http://www.vupen.com/english/advisories/2009/0977", "name": "ADV-2009-0977", "tags": ["Third Party Advisory"], "refsource": "VUPEN"}, {"url": "http://secunia.com/advisories/34501", "name": "34501", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1", "name": "256408", "tags": ["Broken Link"], "refsource": "SUNALERT"}, {"url": "http://www.vupen.com/english/advisories/2008/2661", "name": "ADV-2008-2661", "tags": ["Third Party Advisory"], "refsource": "VUPEN"}, {"url": "http://secunia.com/advisories/32185", "name": "32185", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/32196", "name": "32196", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.debian.org/security/2008/dsa-1649", "name": "DSA-1649", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45360", "name": "mozilla-resourceprotocol-info-disclosure(45360)", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "XF"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11471", "name": "oval:org.mitre.oval:def:11471", "tags": ["Third Party Advisory"], "refsource": "OVAL"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass \"restrictions imposed on local HTML files,\" and obtain sensitive information and prompt users to write this information into a file, via directory traversal sequences in a resource: URI."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-22"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-4068", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 6.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2008-09-24T20:37Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "3.0.2", "versionStartIncluding": "3.0"}, {"cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.1.12"}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.0.0.17"}, {"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.0.0.17"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-11-01T15:15Z"}