Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2008-2808

Опубликовано: 07 июл. 2008
Источник: nvd
CVSS2: 4.3
EPSS Низкий

Описание

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:redhat:advanced_workstation_for_the_itanium_processor:2.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:desktop:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:desktop:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5_server:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:as_2.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:as_3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:as_4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:es_2.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:es_3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:es_4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:ws_2.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:ws_3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:ws_4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:5_client:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop_workstation:5_client:*:*:*:*:*:*:*
cpe:2.3:o:redhat:fedora:8:*:*:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:6.06:*:lts_amd64:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:6.06:*:lts_i386:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:6.06:*:lts_powerpc:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:6.06:*:lts_sparc:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:7.04:*:amd64:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:7.04:*:i386:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:7.04:*:powerpc:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:7.04:*:sparc:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:amd64:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:i386:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:lpia:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:powerpc:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:sparc:*:*:*:*:*

Одно из

cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:beta_1:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:rc3:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0_.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0_.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0_.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0_.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0_.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0_.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0_8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:2.0_.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:2.0_.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:2.0_.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:2.0_.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:2.0_.12:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:2.0_.13:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:2.0_.14:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:2.0_8:*:*:*:*:*:*:*

EPSS

Процентиль: 83%
0.02079
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

ubuntu логотип

CVE-2008-2808

ubuntu
почти 17 лет назад

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename.

redhat логотип

CVE-2008-2808

redhat
почти 17 лет назад

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename.

debian логотип

CVE-2008-2808

debian
почти 17 лет назад

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not pro ...

github логотип

GHSA-g23j-wvjf-2p27

github
около 3 лет назад

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename.

oracle-oval логотип

ELSA-2008-0569

oracle-oval
почти 17 лет назад

ELSA-2008-0569: firefox security update (CRITICAL)

EPSS

Процентиль: 83%
0.02079
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79