CVE-2008-4582

Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13, when running on Windows, do not properly identify the context of Windows .url shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via an HTML document that is directly accessible through a filesystem, as demonstrated by documents in (1) local folders, (2) Windows share folders, and (3) RAR archives, and as demonstrated by IFRAMEs referencing shortcuts that point to (a) about:cache?device=memory and (b) about:cache?device=disk, a variant of CVE-2008-2810.
References
Link Resource
http://secunia.com/advisories/32192 Permissions Required Third Party Advisory
http://liudieyu0.blog124.fc2.com/blog-entry-6.html Broken Link
http://www.securityfocus.com/bid/31747 Third Party Advisory VDB Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=455311 Issue Tracking
http://www.mozilla.org/security/announce/2008/mfsa2008-47.html Vendor Advisory
http://secunia.com/advisories/32721 Permissions Required Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html Not Applicable
http://www.us-cert.gov/cas/techalerts/TA08-319A.html Third Party Advisory US Government Resource
http://secunia.com/advisories/32845 Permissions Required Third Party Advisory
http://www.debian.org/security/2008/dsa-1669 Third Party Advisory
http://secunia.com/advisories/32693 Permissions Required Third Party Advisory
http://secunia.com/advisories/32714 Permissions Required Third Party Advisory
http://www.debian.org/security/2008/dsa-1671 Third Party Advisory
http://www.securityfocus.com/bid/31611 Third Party Advisory VDB Entry
http://securitytracker.com/alerts/2008/Nov/1021212.html Third Party Advisory VDB Entry
http://secunia.com/advisories/33433 Permissions Required Third Party Advisory
http://www.debian.org/security/2009/dsa-1697 Third Party Advisory
http://securityreason.com/securityalert/4416 Third Party Advisory
http://www.debian.org/security/2009/dsa-1696 Third Party Advisory
http://secunia.com/advisories/33434 Permissions Required Third Party Advisory
http://secunia.com/advisories/34501 Permissions Required Third Party Advisory
http://www.vupen.com/english/advisories/2009/0977 Not Applicable
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 Broken Link
http://www.securitytracker.com/id?1021190 Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2008/2818 Not Applicable
http://secunia.com/advisories/32684 Permissions Required Third Party Advisory
http://ubuntu.com/usn/usn-667-1 Third Party Advisory
http://secunia.com/advisories/32853 Permissions Required Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html Not Applicable
http://secunia.com/advisories/32778 Permissions Required Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/45740
http://www.securityfocus.com/archive/1/497091/100/0/threaded

Configurations

Configuration 1

cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*

Configuration 2

AND
OR cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 3

AND
OR cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.15:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.16:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.17:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 4

OR cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*

Configuration 5

AND
OR cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Information

Published : 2008-10-15 13:08

Updated : 2018-10-30 09:25


NVD link : CVE-2008-4582

Mitre link : CVE-2008-4582


CWE
CWE-264

Permissions, Privileges, and Access Controls

Products Affected

microsoft

  • windows

mozilla

  • firefox
  • seamonkey

canonical

  • ubuntu_linux

debian

  • debian_linux