1. Home
  2. Vulnerabilities
  3. CVE-2008-4067

CVE-2008-4067

CVSS v2.0 4.3 (Medium)
43% Progress
EPSS 1.01 % (84th)
1.01% Progress
Affected Products 6
Advisories 12
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 on Linux allows remote attackers to read arbitrary files via a .. (dot dot) and URL-encoded / (slash) characters in a resource: URI.

Weaknesses
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2008-09-24 20:37:04
(16 years ago)
Updated Date
2018-11-01 16:22:36
(5 years ago)

Affected Products

Canonical

Debian

Linux

Mozilla

Configuration #1

AND
    CPE23 From Up To
OR  
  Mozilla Firefox prior 2.0.0.17 version cpe:2.3:a:mozilla:firefox < 2.0.0.17
OR  
  Running on/with
  Mozilla Firefox from 3.0 version and prior 3.0.2 version cpe:2.3:a:mozilla:firefox >= 3.0 < 3.0.2
OR  
  Running on/with
  Mozilla Seamonkey prior 1.1.12 version cpe:2.3:a:mozilla:seamonkey < 1.1.12
OR  
  Running on/with
  Mozilla Thunderbird prior 2.0.0.17 version cpe:2.3:a:mozilla:thunderbird < 2.0.0.17
OR  
  Running on/with
  Linux Kernel cpe:2.3:o:linux:linux_kernel:-

Configuration #2

AND
    CPE23 From Up To
OR  
  Debian Linux 4.0 cpe:2.3:o:debian:debian_linux:4.0

Configuration #3

AND
    CPE23 From Up To
OR  
  Canonical Ubuntu Linux 6.06 cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts
OR  
  Running on/with
  Canonical Ubuntu Linux 7.04 cpe:2.3:o:canonical:ubuntu_linux:7.04
OR  
  Running on/with
  Canonical Ubuntu Linux 7.10 cpe:2.3:o:canonical:ubuntu_linux:7.10
OR  
  Running on/with
  Canonical Ubuntu Linux 8.04 cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts