Home > Vulnerability Database > CVE-2008-4068

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2008-4068

Date: September 24, 2008

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass "restrictions imposed on local HTML files," and obtain sensitive information and prompt users to write this information into a file, via directory traversal sequences in a resource: URI.

Severity Score

7.5

Related Resources (54)

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11471

Url: http://secunia.com/advisories/32196

Url: http://secunia.com/advisories/31987

Url: http://secunia.com/advisories/31985

Url: http://secunia.com/advisories/31984

Url: http://www.vupen.com/english/advisories/2009/0977

Url: http://secunia.com/advisories/32082

Url: http://www.redhat.com/support/errata/RHSA-2008-0882.html

Url: http://download.novell.com/Download?buildid=WZXONb-tqBw~

Url: http://www.debian.org/security/2008/dsa-1669

Url: http://secunia.com/advisories/33433

Url: http://secunia.com/advisories/32144

Url: http://secunia.com/advisories/33434

Url: http://secunia.com/advisories/32185

Url: http://www.redhat.com/support/errata/RHSA-2008-0879.html

Url: https://access.redhat.com/security/cve/CVE-2008-4068

Url: http://secunia.com/advisories/32025

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

Url: https://nvd.nist.gov/vuln/detail/CVE-2008-4068

Url: http://www.ubuntu.com/usn/usn-645-1

Url: http://www.ubuntu.com/usn/usn-645-2

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/45360

Url: http://www.ubuntu.com/usn/usn-647-1

Url: http://www.debian.org/security/2009/dsa-1696

Url: http://secunia.com/advisories/32012

Url: http://secunia.com/advisories/32011

Url: http://www.debian.org/security/2009/dsa-1697

Url: http://secunia.com/advisories/32010

Url: http://secunia.com/advisories/32096

Url: http://secunia.com/advisories/32095

Url: http://www.mozilla.org/security/announce/2008/mfsa2008-44.html

Url: https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html

Url: http://www.redhat.com/support/errata/RHSA-2008-0908.html

Url: http://www.vupen.com/english/advisories/2008/2661

Url: http://www.debian.org/security/2008/dsa-1649

Url: http://secunia.com/advisories/32089

Url: http://secunia.com/advisories/34501

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2008-4068

Url: http://secunia.com/advisories/32044

Url: http://secunia.com/advisories/32042

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2008:206

Url: http://secunia.com/advisories/32845

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2008:205

Url: http://secunia.com/advisories/32007

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232

Url: http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html

Url: https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422

Url: https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01335.html

Url: http://secunia.com/advisories/32092

Url: http://www.securitytracker.com/id?1020921

Url: http://www.securityfocus.com/bid/31346

Url: https://www.mend.io/vulnerability-database/CVE-2008-4068

Severity Score

7.5

Weakness Type (CWE)

Path Traversal

CWE-22

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	7.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Do you need more information?

Contact Us