Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2008-2808

Published: 07/07/2008 Updated: 11/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Enterprise Linux

Vulnerability Summary

Mozilla Firefox prior to 2.0.0.15 and SeaMonkey prior to 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote malicious users to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename.

Vulnerable Product Search on Vulmon Subscribe to Product

mozilla firefox 2.0.0.11

mozilla firefox 2.0.0.12

mozilla firefox 2.0

mozilla firefox 2.0_.1

mozilla seamonkey 1.1.1

mozilla seamonkey 1.1.2

mozilla seamonkey 1.1

mozilla thunderbird 2.0_.12

mozilla thunderbird 2.0_8

mozilla firefox 2.0_.9

mozilla firefox 2.0_8

mozilla seamonkey 1.1.8

mozilla seamonkey 1.1.9

mozilla thunderbird 2.0_.6

mozilla thunderbird 2.0_.9

mozilla firefox 2.0.0.2

mozilla firefox 2.0.0.3

mozilla firefox 2.0_.5

mozilla firefox 2.0_.6

mozilla seamonkey 1.1.5

mozilla seamonkey 1.1.6

mozilla seamonkey 1.1.7

mozilla thunderbird 2.0_.4

mozilla thunderbird 2.0_.5

mozilla firefox 2.0.0.13

mozilla firefox 2.0.0.14

mozilla firefox 2.0_.10

mozilla firefox 2.0_.4

mozilla seamonkey 1.1.3

mozilla seamonkey 1.1.4

mozilla thunderbird 2.0_.13

mozilla thunderbird 2.0_.14

Vendor Advisories

Ubuntu Security Notice: firefox vulnerabilities
Various flaws were discovered in the browser engine By tricking a user into opening a malicious web page, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program (CVE-2008-2798, CVE-2008-2799) ...
Debian Security Advisories: DSA-1607-1 iceweasel -- several vulnerabilities
Several remote vulnerabilities have been discovered in the Iceweasel webbrowser, an unbranded version of the Firefox browser The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-2798 Devon Hubbard, Jesse Ruderman and Martijn Wargers discovered crashes in the layout engine, which might allow the exec ...
Debian Security Advisories: DSA-1615-1 xulrunner -- several vulnerabilities
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-2785 It was discovered that missing boundary checks on a reference counter for CSS objects can lead to the execution of arbitrary code CV ...
Debian Security Advisories: DSA-1697-1 iceape -- several vulnerabilities
Several remote vulnerabilities have been discovered in Iceape an unbranded version of the Seamonkey internet suite The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-0016 Justin Schuh, Tom Cross and Peter Williams discovered a buffer overflow in the parser for UTF-8 URLs, which may lead to the ex ...
Mozilla: File location URL in directory listings not escaped properly
Mozilla Foundation Security Advisory 2008-30 File location URL in directory listings not escaped properly Announced July 1, 2008 Reporter Masahiro Yamada Impact Low Products Firefox, SeaMonkey Fixed in ...

References

CWE-79http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15http://www.mozilla.org/security/announce/2008/mfsa2008-30.htmlhttps://bugzilla.mozilla.org/show_bug.cgi?id=411433http://www.ubuntu.com/usn/usn-619-1http://www.securityfocus.com/bid/30038http://secunia.com/advisories/30911http://secunia.com/advisories/31069http://www.redhat.com/support/errata/RHSA-2008-0549.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.htmlhttp://security.gentoo.org/glsa/glsa-200808-03.xmlhttps://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.htmlhttp://www.debian.org/security/2008/dsa-1607http://secunia.com/advisories/31023http://secunia.com/advisories/31195http://secunia.com/advisories/31005http://secunia.com/advisories/31377http://secunia.com/advisories/30898http://secunia.com/advisories/30903http://rhn.redhat.com/errata/RHSA-2008-0616.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2008:136http://www.redhat.com/support/errata/RHSA-2008-0569.htmlhttp://secunia.com/advisories/31183http://www.securitytracker.com/id?1020419http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152http://secunia.com/advisories/30878http://www.debian.org/security/2008/dsa-1615http://secunia.com/advisories/31008http://secunia.com/advisories/30949http://www.redhat.com/support/errata/RHSA-2008-0547.htmlhttps://issues.rpath.com/browse/RPL-2646http://wiki.rpath.com/Advisories:rPSA-2008-0216http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911http://secunia.com/advisories/31021http://secunia.com/advisories/33433http://www.debian.org/security/2009/dsa-1697http://secunia.com/advisories/34501http://www.vupen.com/english/advisories/2009/0977http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1http://www.vupen.com/english/advisories/2008/1993/referenceshttp://secunia.com/advisories/31076https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9668http://www.securityfocus.com/archive/1/494080/100/0/threadedhttps://usn.ubuntu.com/619-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook