Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2008-2808

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename.

Published

2008-07-07T23:41:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	redhat	advanced_workstation_for_the_itanium_processor	2.1	No
Operating System	redhat	desktop	3.0	No
Operating System	redhat	desktop	4.0	No
Operating System	redhat	enterprise_linux	5_server	No
Operating System	redhat	enterprise_linux	as_2.1	No
Operating System	redhat	enterprise_linux	as_3	No
Operating System	redhat	enterprise_linux	as_4	No
Operating System	redhat	enterprise_linux	es_2.1	No
Operating System	redhat	enterprise_linux	es_3	No
Operating System	redhat	enterprise_linux	es_4	No
Operating System	redhat	enterprise_linux	ws_2.1	No
Operating System	redhat	enterprise_linux	ws_3	No
Operating System	redhat	enterprise_linux	ws_4	No
Operating System	redhat	enterprise_linux_desktop	5_client	No
Operating System	redhat	enterprise_linux_desktop_workstation	5_client	No
Operating System	redhat	fedora	8	No
Operating System	ubuntu	ubuntu_linux	6.06	No
Operating System	ubuntu	ubuntu_linux	6.06	No
Operating System	ubuntu	ubuntu_linux	6.06	No
Operating System	ubuntu	ubuntu_linux	6.06	No
Operating System	ubuntu	ubuntu_linux	7.04	No
Operating System	ubuntu	ubuntu_linux	7.04	No
Operating System	ubuntu	ubuntu_linux	7.04	No
Operating System	ubuntu	ubuntu_linux	7.04	No
Operating System	ubuntu	ubuntu_linux	7.10	No
Operating System	ubuntu	ubuntu_linux	7.10	No
Operating System	ubuntu	ubuntu_linux	7.10	No
Operating System	ubuntu	ubuntu_linux	7.10	No
Operating System	ubuntu	ubuntu_linux	7.10	No
Application	mozilla	firefox	2.0	Yes
Application	mozilla	firefox	2.0	Yes
Application	mozilla	firefox	2.0	Yes
Application	mozilla	firefox	2.0	Yes
Application	mozilla	firefox	2.0.0.2	Yes
Application	mozilla	firefox	2.0.0.3	Yes
Application	mozilla	firefox	2.0.0.11	Yes
Application	mozilla	firefox	2.0.0.12	Yes
Application	mozilla	firefox	2.0.0.13	Yes
Application	mozilla	firefox	2.0.0.14	Yes
Application	mozilla	firefox	2.0_.1	Yes
Application	mozilla	firefox	2.0_.4	Yes
Application	mozilla	firefox	2.0_.5	Yes
Application	mozilla	firefox	2.0_.6	Yes
Application	mozilla	firefox	2.0_.9	Yes
Application	mozilla	firefox	2.0_.10	Yes
Application	mozilla	firefox	2.0_8	Yes
Application	mozilla	seamonkey	1.1	Yes
Application	mozilla	seamonkey	1.1.1	Yes
Application	mozilla	seamonkey	1.1.2	Yes
Application	mozilla	seamonkey	1.1.3	Yes
Application	mozilla	seamonkey	1.1.4	Yes
Application	mozilla	seamonkey	1.1.5	Yes
Application	mozilla	seamonkey	1.1.6	Yes
Application	mozilla	seamonkey	1.1.7	Yes
Application	mozilla	seamonkey	1.1.8	Yes
Application	mozilla	seamonkey	1.1.9	Yes
Application	mozilla	thunderbird	2.0_.4	Yes
Application	mozilla	thunderbird	2.0_.5	Yes
Application	mozilla	thunderbird	2.0_.6	Yes
Application	mozilla	thunderbird	2.0_.9	Yes
Application	mozilla	thunderbird	2.0_.12	Yes
Application	mozilla	thunderbird	2.0_.13	Yes
Application	mozilla	thunderbird	2.0_.14	Yes
Application	mozilla	thunderbird	2.0_8	Yes

References

http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html ([email protected])
http://rhn.redhat.com/errata/RHSA-2008-0616.html ([email protected])
http://secunia.com/advisories/30878 ([email protected])
http://secunia.com/advisories/30898 ([email protected])
http://secunia.com/advisories/30903 ([email protected])
http://secunia.com/advisories/30911 Vendor Advisory ([email protected])
http://secunia.com/advisories/30949 ([email protected])
http://secunia.com/advisories/31005 ([email protected])
http://secunia.com/advisories/31008 ([email protected])
http://secunia.com/advisories/31021 ([email protected])
http://secunia.com/advisories/31023 ([email protected])
http://secunia.com/advisories/31069 ([email protected])
http://secunia.com/advisories/31076 ([email protected])
http://secunia.com/advisories/31183 ([email protected])
http://secunia.com/advisories/31195 ([email protected])
http://secunia.com/advisories/31377 ([email protected])
http://secunia.com/advisories/33433 ([email protected])
http://secunia.com/advisories/34501 ([email protected])
http://security.gentoo.org/glsa/glsa-200808-03.xml ([email protected])
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152 ([email protected])
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911 ([email protected])
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 ([email protected])
http://wiki.rpath.com/Advisories:rPSA-2008-0216 ([email protected])
http://www.debian.org/security/2008/dsa-1607 ([email protected])
http://www.debian.org/security/2008/dsa-1615 ([email protected])
http://www.debian.org/security/2009/dsa-1697 ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2008:136 ([email protected])
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15 ([email protected])
http://www.mozilla.org/security/announce/2008/mfsa2008-30.html ([email protected])
http://www.redhat.com/support/errata/RHSA-2008-0547.html ([email protected])
http://www.redhat.com/support/errata/RHSA-2008-0549.html ([email protected])
http://www.redhat.com/support/errata/RHSA-2008-0569.html ([email protected])
http://www.securityfocus.com/archive/1/494080/100/0/threaded ([email protected])
http://www.securityfocus.com/bid/30038 ([email protected])
http://www.securitytracker.com/id?1020419 ([email protected])
http://www.ubuntu.com/usn/usn-619-1 ([email protected])
http://www.vupen.com/english/advisories/2008/1993/references ([email protected])
http://www.vupen.com/english/advisories/2009/0977 ([email protected])
https://bugzilla.mozilla.org/show_bug.cgi?id=411433 ([email protected])
https://issues.rpath.com/browse/RPL-2646 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9668 ([email protected])
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html ([email protected])
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html ([email protected])
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2008-0616.html (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/30878 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/30898 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/30903 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/30911 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/30949 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/31005 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/31008 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/31021 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/31023 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/31069 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/31076 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/31183 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/31195 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/31377 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33433 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/34501 (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-200808-03.xml (af854a3a-2127-422b-91ae-364da2661108)
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152 (af854a3a-2127-422b-91ae-364da2661108)
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911 (af854a3a-2127-422b-91ae-364da2661108)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 (af854a3a-2127-422b-91ae-364da2661108)
http://wiki.rpath.com/Advisories:rPSA-2008-0216 (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2008/dsa-1607 (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2008/dsa-1615 (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2009/dsa-1697 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2008:136 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mozilla.org/security/announce/2008/mfsa2008-30.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2008-0547.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2008-0549.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2008-0569.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/494080/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/30038 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1020419 (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/usn-619-1 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/1993/references (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2009/0977 (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.mozilla.org/show_bug.cgi?id=411433 (af854a3a-2127-422b-91ae-364da2661108)
https://issues.rpath.com/browse/RPL-2646 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9668 (af854a3a-2127-422b-91ae-364da2661108)
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html (af854a3a-2127-422b-91ae-364da2661108)
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html (af854a3a-2127-422b-91ae-364da2661108)
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html (af854a3a-2127-422b-91ae-364da2661108)