Home > Vulnerability Database > CVE-2008-4067

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2008-4067

Date: September 24, 2008

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 on Linux allows remote attackers to read arbitrary files via a .. (dot dot) and URL-encoded / (slash) characters in a resource: URI.

Severity Score

3.7

Related Resources (57)

Url: http://secunia.com/advisories/32196

Url: http://www.0x000000.com/?i=422

Url: http://secunia.com/advisories/31987

Url: http://secunia.com/advisories/31985

Url: http://secunia.com/advisories/31984

Url: http://www.vupen.com/english/advisories/2009/0977

Url: http://secunia.com/advisories/32082

Url: http://www.redhat.com/support/errata/RHSA-2008-0882.html

Url: http://download.novell.com/Download?buildid=WZXONb-tqBw~

Url: http://www.debian.org/security/2008/dsa-1669

Url: http://secunia.com/advisories/33433

Url: http://secunia.com/advisories/32144

Url: http://secunia.com/advisories/33434

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/45359

Url: http://secunia.com/advisories/32185

Url: http://www.redhat.com/support/errata/RHSA-2008-0879.html

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10770

Url: https://access.redhat.com/security/cve/CVE-2008-4067

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=380994

Url: http://secunia.com/advisories/32025

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

Url: https://nvd.nist.gov/vuln/detail/CVE-2008-4067

Url: http://www.ubuntu.com/usn/usn-645-1

Url: http://www.ubuntu.com/usn/usn-645-2

Url: http://www.ubuntu.com/usn/usn-647-1

Url: http://www.debian.org/security/2009/dsa-1696

Url: http://secunia.com/advisories/32012

Url: http://secunia.com/advisories/32011

Url: http://www.debian.org/security/2009/dsa-1697

Url: http://secunia.com/advisories/32010

Url: http://secunia.com/advisories/32096

Url: http://secunia.com/advisories/32095

Url: http://www.mozilla.org/security/announce/2008/mfsa2008-44.html

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=394075

Url: https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html

Url: http://www.redhat.com/support/errata/RHSA-2008-0908.html

Url: http://www.vupen.com/english/advisories/2008/2661

Url: http://www.debian.org/security/2008/dsa-1649

Url: http://secunia.com/advisories/32089

Url: http://secunia.com/advisories/34501

Url: http://secunia.com/advisories/32044

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2008-4067

Url: http://secunia.com/advisories/32042

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2008:206

Url: http://secunia.com/advisories/32845

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2008:205

Url: http://secunia.com/advisories/32007

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232

Url: http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html

Url: https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422

Url: https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01335.html

Url: http://secunia.com/advisories/32092

Url: http://www.securitytracker.com/id?1020921

Url: http://www.securityfocus.com/bid/31346

Url: https://www.mend.io/vulnerability-database/CVE-2008-4067

Severity Score

3.7

Weakness Type (CWE)

Path Traversal

CWE-22

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Do you need more information?

Contact Us