Home > Vulnerability Database > CVE-2008-4582

Mend.io Vulnerability Database

CVE-2008-4582

Date: October 15, 2008

Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13, when running on Windows, do not properly identify the context of Windows .url shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via an HTML document that is directly accessible through a filesystem, as demonstrated by documents in (1) local folders, (2) Windows share folders, and (3) RAR archives, and as demonstrated by IFRAMEs referencing shortcuts that point to (a) about:cache?device=memory and (b) about:cache?device=disk, a variant of CVE-2008-2810.

Severity Score

3.7

Related Resources (35)

Url: http://www.securityfocus.com/archive/1/497091/100/0/threaded

Url: http://www.debian.org/security/2009/dsa-1696

Url: http://www.debian.org/security/2009/dsa-1697

Url: http://secunia.com/advisories/32693

Url: http://www.mozilla.org/security/announce/2008/mfsa2008-47.html

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/45740

Url: http://securitytracker.com/alerts/2008/Nov/1021212.html

Url: https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html

Url: http://secunia.com/advisories/32714

Url: http://secunia.com/advisories/32778

Url: http://secunia.com/advisories/32853

Url: http://www.securitytracker.com/id?1021190

Url: http://www.vupen.com/english/advisories/2008/2818

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=455311

Url: http://www.us-cert.gov/cas/techalerts/TA08-319A.html

Url: http://securityreason.com/securityalert/4416

Url: http://ubuntu.com/usn/usn-667-1

Url: http://www.vupen.com/english/advisories/2009/0977

Url: http://www.securityfocus.com/bid/31611

Url: http://www.debian.org/security/2008/dsa-1669

Url: http://secunia.com/advisories/33433

Url: http://secunia.com/advisories/32684

Url: http://secunia.com/advisories/33434

Url: http://secunia.com/advisories/34501

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2008-4582

Url: http://www.debian.org/security/2008/dsa-1671

Url: http://secunia.com/advisories/32845

Url: http://secunia.com/advisories/32721

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

Url: https://nvd.nist.gov/vuln/detail/CVE-2008-4582

Url: http://liudieyu0.blog124.fc2.com/blog-entry-6.html

Url: http://secunia.com/advisories/32192

Url: https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html

Url: http://www.securityfocus.com/bid/31747

Url: https://www.mend.io/vulnerability-database/CVE-2008-4582

Severity Score

3.7

Weakness Type (CWE)

Permissions, Privileges, and Access Control

CWE-264

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2008-4582

Date: October 15, 2008

Severity Score

Related Resources (35)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?