FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-4068

This CVE name corresponds to:

Entered	Topic
2008-09-24	mozilla -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2008-4068 at cve.mitre.org

Details

Type	Candidate
Name	CVE-2008-4068
Phase	Assigned(20080912)

Description

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass "restrictions imposed on local HTML files," and obtain sensitive information and prompt users to write this information into a file, via directory traversal sequences in a resource: URI.

References

Source	Reference
CONFIRM	http://www.mozilla.org/security/announce/2008/mfsa2008-44.html
CONFIRM	http://download.novell.com/Download?buildid=WZXONb-tqBw~
DEBIAN	DSA-1669
DEBIAN	DSA-1697
DEBIAN	DSA-1696
DEBIAN	DSA-1649
FEDORA	FEDORA-2008-8401
FEDORA	FEDORA-2008-8429
FEDORA	FEDORA-2008-8425
MANDRIVA	MDVSA-2008:205
MANDRIVA	MDVSA-2008:206
REDHAT	RHSA-2008:0908
REDHAT	RHSA-2008:0879
REDHAT	RHSA-2008:0882
SLACKWARE	SSA:2008-269-01
SLACKWARE	SSA:2008-269-02
SLACKWARE	SSA:2008-270-01
SUNALERT	256408
SUSE	SUSE-SA:2008:050
UBUNTU	USN-647-1
UBUNTU	USN-645-1
UBUNTU	USN-645-2
BID	31346
OVAL	oval:org.mitre.oval:def:11471
SECUNIA	34501
SECUNIA	32185
SECUNIA	32196
VUPEN	ADV-2008-2661
SECTRACK	1020921
SECUNIA	32042
SECUNIA	32025
SECUNIA	32092
SECUNIA	32144
SECUNIA	32044
SECUNIA	32082
SECUNIA	32089
SECUNIA	32095
SECUNIA	32096
SECUNIA	32845
SECUNIA	31984
SECUNIA	31985
SECUNIA	31987
SECUNIA	32007
SECUNIA	32010
SECUNIA	32011
SECUNIA	32012
SECUNIA	33433
SECUNIA	33434
VUPEN	ADV-2009-0977
XF	mozilla-resourceprotocol-info-disclosure(45360)