1. Home
  2. Vulnerabilities
  3. CVE-2008-4582

CVE-2008-4582

CVSS v2.0 4.3 (Medium)
43% Progress
EPSS 0.41 % (74th)
0.41% Progress
Affected Products 5
Advisories 5
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13, when running on Windows, do not properly identify the context of Windows .url shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via an HTML document that is directly accessible through a filesystem, as demonstrated by documents in (1) local folders, (2) Windows share folders, and (3) RAR archives, and as demonstrated by IFRAMEs referencing shortcuts that point to (a) about:cache?device=memory and (b) about:cache?device=disk, a variant of CVE-2008-2810.

Weaknesses
CWE-264
Permissions, Privileges, and Access Controls
Related CVEs
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2008-10-15 20:08:02
(16 years ago)
Updated Date
2018-10-30 16:25:57
(5 years ago)

Affected Products

Canonical

Debian

Microsoft

Mozilla

Configuration #1

AND
    CPE23 From Up To
OR  
  Debian Linux 4.0 cpe:2.3:o:debian:debian_linux:4.0

Configuration #2

AND
    CPE23 From Up To
OR  
  Mozilla Firefox 3.0.1 cpe:2.3:a:mozilla:firefox:3.0.1
OR  
  Running on/with
  Mozilla Firefox 3.0.2 cpe:2.3:a:mozilla:firefox:3.0.2
OR  
  Running on/with
  Mozilla Firefox 3.0.3 cpe:2.3:a:mozilla:firefox:3.0.3
OR  
  Running on/with
  Microsoft Windows cpe:2.3:o:microsoft:windows

Configuration #3

AND
    CPE23 From Up To
OR  
  Mozilla Firefox 2.0 cpe:2.3:a:mozilla:firefox:2.0
OR  
  Running on/with
  Mozilla Firefox 2.0.0.1 cpe:2.3:a:mozilla:firefox:2.0.0.1
OR  
  Running on/with
  Mozilla Firefox 2.0.0.10 cpe:2.3:a:mozilla:firefox:2.0.0.10
OR  
  Running on/with
  Mozilla Firefox 2.0.0.11 cpe:2.3:a:mozilla:firefox:2.0.0.11
OR  
  Running on/with
  Mozilla Firefox 2.0.0.12 cpe:2.3:a:mozilla:firefox:2.0.0.12
OR  
  Running on/with
  Mozilla Firefox 2.0.0.13 cpe:2.3:a:mozilla:firefox:2.0.0.13
OR  
  Running on/with
  Mozilla Firefox 2.0.0.14 cpe:2.3:a:mozilla:firefox:2.0.0.14
OR  
  Running on/with
  Mozilla Firefox 2.0.0.15 cpe:2.3:a:mozilla:firefox:2.0.0.15
OR  
  Running on/with
  Mozilla Firefox 2.0.0.16 cpe:2.3:a:mozilla:firefox:2.0.0.16
OR  
  Running on/with
  Mozilla Firefox 2.0.0.17 cpe:2.3:a:mozilla:firefox:2.0.0.17
OR  
  Running on/with
  Microsoft Windows cpe:2.3:o:microsoft:windows

Configuration #4

AND
    CPE23 From Up To
OR  
  Canonical Ubuntu Linux 6.06 cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts
OR  
  Running on/with
  Canonical Ubuntu Linux 7.10 cpe:2.3:o:canonical:ubuntu_linux:7.10
OR  
  Running on/with
  Canonical Ubuntu Linux 8.04 cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts
OR  
  Running on/with
  Canonical Ubuntu Linux 8.10 cpe:2.3:o:canonical:ubuntu_linux:8.10

Configuration #5

AND
    CPE23 From Up To
OR  
  Mozilla Seamonkey 1.0 cpe:2.3:a:mozilla:seamonkey:1.0
OR  
  Running on/with
  Mozilla Seamonkey 1.0 Alpha cpe:2.3:a:mozilla:seamonkey:1.0:alpha
OR  
  Running on/with
  Mozilla Seamonkey 1.0 Beta cpe:2.3:a:mozilla:seamonkey:1.0:beta
OR  
  Running on/with
  Mozilla Seamonkey 1.0.1 cpe:2.3:a:mozilla:seamonkey:1.0.1
OR  
  Running on/with
  Mozilla Seamonkey 1.0.2 cpe:2.3:a:mozilla:seamonkey:1.0.2
OR  
  Running on/with
  Mozilla Seamonkey 1.0.3 cpe:2.3:a:mozilla:seamonkey:1.0.3
OR  
  Running on/with
  Mozilla Seamonkey 1.0.4 cpe:2.3:a:mozilla:seamonkey:1.0.4
OR  
  Running on/with
  Mozilla Seamonkey 1.0.5 cpe:2.3:a:mozilla:seamonkey:1.0.5
OR  
  Running on/with
  Mozilla Seamonkey 1.0.6 cpe:2.3:a:mozilla:seamonkey:1.0.6
OR  
  Running on/with
  Mozilla Seamonkey 1.0.7 cpe:2.3:a:mozilla:seamonkey:1.0.7
OR  
  Running on/with
  Mozilla Seamonkey 1.0.8 cpe:2.3:a:mozilla:seamonkey:1.0.8
OR  
  Running on/with
  Mozilla Seamonkey 1.0.9 cpe:2.3:a:mozilla:seamonkey:1.0.9
OR  
  Running on/with
  Mozilla Seamonkey 1.1 cpe:2.3:a:mozilla:seamonkey:1.1
OR  
  Running on/with
  Mozilla Seamonkey 1.1 Alpha cpe:2.3:a:mozilla:seamonkey:1.1:alpha
OR  
  Running on/with
  Mozilla Seamonkey 1.1 Beta cpe:2.3:a:mozilla:seamonkey:1.1:beta
OR  
  Running on/with
  Mozilla Seamonkey 1.1.1 cpe:2.3:a:mozilla:seamonkey:1.1.1
OR  
  Running on/with
  Mozilla Seamonkey 1.1.2 cpe:2.3:a:mozilla:seamonkey:1.1.2
OR  
  Running on/with
  Mozilla Seamonkey 1.1.3 cpe:2.3:a:mozilla:seamonkey:1.1.3
OR  
  Running on/with
  Mozilla Seamonkey 1.1.4 cpe:2.3:a:mozilla:seamonkey:1.1.4
OR  
  Running on/with
  Mozilla Seamonkey 1.1.5 cpe:2.3:a:mozilla:seamonkey:1.1.5
OR  
  Running on/with
  Mozilla Seamonkey 1.1.6 cpe:2.3:a:mozilla:seamonkey:1.1.6
OR  
  Running on/with
  Mozilla Seamonkey 1.1.7 cpe:2.3:a:mozilla:seamonkey:1.1.7
OR  
  Running on/with
  Mozilla Seamonkey 1.1.8 cpe:2.3:a:mozilla:seamonkey:1.1.8
OR  
  Running on/with
  Mozilla Seamonkey 1.1.9 cpe:2.3:a:mozilla:seamonkey:1.1.9
OR  
  Running on/with
  Mozilla Seamonkey 1.1.10 cpe:2.3:a:mozilla:seamonkey:1.1.10
OR  
  Running on/with
  Mozilla Seamonkey 1.1.11 cpe:2.3:a:mozilla:seamonkey:1.1.11
OR  
  Running on/with
  Mozilla Seamonkey 1.1.12 cpe:2.3:a:mozilla:seamonkey:1.1.12
OR  
  Running on/with
  Microsoft Windows cpe:2.3:o:microsoft:windows