CVE-2008-2808 : Détail

CVE-2008-2808

Cross-site Scripting
A03-Injection
1.3%V3
Network
2008-07-07
21h00 +00:00
2018-10-11
17h57 +00:00
Notifications pour un CVE
Restez informé de toutes modifications pour un CVE spécifique.
Gestion des notifications

Descriptions du CVE

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename.

Informations du CVE

Faiblesses connexes

CWE-ID Nom de la faiblesse Source
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Métriques

Métriques Score Gravité CVSS Vecteur Source
V2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N [email protected]

EPSS

EPSS est un modèle de notation qui prédit la probabilité qu'une vulnérabilité soit exploitée.

Score EPSS

Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.

Percentile EPSS

Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.

Products Mentioned

Configuraton 0

Redhat>>Advanced_workstation_for_the_itanium_processor >> Version 2.1

    Redhat>>Desktop >> Version 3.0

    Redhat>>Desktop >> Version 4.0

    Redhat>>Enterprise_linux >> Version 5_server

      Redhat>>Enterprise_linux >> Version as_2.1

        Redhat>>Enterprise_linux >> Version as_3

        Redhat>>Enterprise_linux >> Version as_4

        Redhat>>Enterprise_linux >> Version es_2.1

          Redhat>>Enterprise_linux >> Version es_3

          Redhat>>Enterprise_linux >> Version es_4

          Redhat>>Enterprise_linux >> Version ws_2.1

            Redhat>>Enterprise_linux >> Version ws_3

            Redhat>>Enterprise_linux >> Version ws_4

            Redhat>>Enterprise_linux_desktop >> Version 5_client

              Redhat>>Enterprise_linux_desktop_workstation >> Version 5_client

                Redhat>>Fedora >> Version 8

                Ubuntu>>Ubuntu_linux >> Version 6.06

                  Ubuntu>>Ubuntu_linux >> Version 6.06

                    Ubuntu>>Ubuntu_linux >> Version 6.06

                      Ubuntu>>Ubuntu_linux >> Version 6.06

                        Ubuntu>>Ubuntu_linux >> Version 7.04

                          Ubuntu>>Ubuntu_linux >> Version 7.04

                            Ubuntu>>Ubuntu_linux >> Version 7.04

                              Ubuntu>>Ubuntu_linux >> Version 7.04

                                Ubuntu>>Ubuntu_linux >> Version 7.10

                                  Ubuntu>>Ubuntu_linux >> Version 7.10

                                    Ubuntu>>Ubuntu_linux >> Version 7.10

                                      Ubuntu>>Ubuntu_linux >> Version 7.10

                                        Ubuntu>>Ubuntu_linux >> Version 7.10

                                          Mozilla>>Firefox >> Version 2.0

                                          Mozilla>>Firefox >> Version 2.0

                                            Mozilla>>Firefox >> Version 2.0

                                              Mozilla>>Firefox >> Version 2.0

                                                Mozilla>>Firefox >> Version 2.0.0.2

                                                Mozilla>>Firefox >> Version 2.0.0.3

                                                Mozilla>>Firefox >> Version 2.0.0.11

                                                Mozilla>>Firefox >> Version 2.0.0.12

                                                Mozilla>>Firefox >> Version 2.0.0.13

                                                Mozilla>>Firefox >> Version 2.0.0.14

                                                Mozilla>>Firefox >> Version 2.0_.1

                                                  Mozilla>>Firefox >> Version 2.0_.4

                                                    Mozilla>>Firefox >> Version 2.0_.5

                                                      Mozilla>>Firefox >> Version 2.0_.6

                                                        Mozilla>>Firefox >> Version 2.0_.9

                                                          Mozilla>>Firefox >> Version 2.0_.10

                                                            Mozilla>>Firefox >> Version 2.0_8

                                                              Mozilla>>Seamonkey >> Version 1.1

                                                              Mozilla>>Seamonkey >> Version 1.1.1

                                                              Mozilla>>Seamonkey >> Version 1.1.2

                                                              Mozilla>>Seamonkey >> Version 1.1.3

                                                              Mozilla>>Seamonkey >> Version 1.1.4

                                                              Mozilla>>Seamonkey >> Version 1.1.5

                                                              Mozilla>>Seamonkey >> Version 1.1.6

                                                              Mozilla>>Seamonkey >> Version 1.1.7

                                                              Mozilla>>Seamonkey >> Version 1.1.8

                                                              Mozilla>>Seamonkey >> Version 1.1.9

                                                              Mozilla>>Thunderbird >> Version 2.0_.4

                                                                Mozilla>>Thunderbird >> Version 2.0_.5

                                                                  Mozilla>>Thunderbird >> Version 2.0_.6

                                                                    Mozilla>>Thunderbird >> Version 2.0_.9

                                                                      Mozilla>>Thunderbird >> Version 2.0_.12

                                                                        Mozilla>>Thunderbird >> Version 2.0_.13

                                                                          Mozilla>>Thunderbird >> Version 2.0_.14

                                                                            Mozilla>>Thunderbird >> Version 2.0_8

                                                                              Références

                                                                              http://www.redhat.com/support/errata/RHSA-2008-0549.html
                                                                              Tags : vendor-advisory, x_refsource_REDHAT
                                                                              http://www.debian.org/security/2009/dsa-1697
                                                                              Tags : vendor-advisory, x_refsource_DEBIAN
                                                                              http://secunia.com/advisories/31021
                                                                              Tags : third-party-advisory, x_refsource_SECUNIA
                                                                              http://secunia.com/advisories/30898
                                                                              Tags : third-party-advisory, x_refsource_SECUNIA
                                                                              http://secunia.com/advisories/30949
                                                                              Tags : third-party-advisory, x_refsource_SECUNIA
                                                                              http://www.vupen.com/english/advisories/2009/0977
                                                                              Tags : vdb-entry, x_refsource_VUPEN
                                                                              http://secunia.com/advisories/31069
                                                                              Tags : third-party-advisory, x_refsource_SECUNIA
                                                                              http://secunia.com/advisories/31008
                                                                              Tags : third-party-advisory, x_refsource_SECUNIA
                                                                              http://secunia.com/advisories/31377
                                                                              Tags : third-party-advisory, x_refsource_SECUNIA
                                                                              http://rhn.redhat.com/errata/RHSA-2008-0616.html
                                                                              Tags : vendor-advisory, x_refsource_REDHAT
                                                                              http://secunia.com/advisories/31023
                                                                              Tags : third-party-advisory, x_refsource_SECUNIA
                                                                              http://www.securityfocus.com/bid/30038
                                                                              Tags : vdb-entry, x_refsource_BID
                                                                              http://www.debian.org/security/2008/dsa-1607
                                                                              Tags : vendor-advisory, x_refsource_DEBIAN
                                                                              http://security.gentoo.org/glsa/glsa-200808-03.xml
                                                                              Tags : vendor-advisory, x_refsource_GENTOO
                                                                              http://secunia.com/advisories/31005
                                                                              Tags : third-party-advisory, x_refsource_SECUNIA
                                                                              http://secunia.com/advisories/33433
                                                                              Tags : third-party-advisory, x_refsource_SECUNIA
                                                                              http://www.securitytracker.com/id?1020419
                                                                              Tags : vdb-entry, x_refsource_SECTRACK
                                                                              http://secunia.com/advisories/31183
                                                                              Tags : third-party-advisory, x_refsource_SECUNIA
                                                                              http://secunia.com/advisories/30903
                                                                              Tags : third-party-advisory, x_refsource_SECUNIA
                                                                              http://www.redhat.com/support/errata/RHSA-2008-0547.html
                                                                              Tags : vendor-advisory, x_refsource_REDHAT
                                                                              http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
                                                                              Tags : vendor-advisory, x_refsource_SUNALERT
                                                                              http://www.debian.org/security/2008/dsa-1615
                                                                              Tags : vendor-advisory, x_refsource_DEBIAN
                                                                              http://secunia.com/advisories/31195
                                                                              Tags : third-party-advisory, x_refsource_SECUNIA
                                                                              http://secunia.com/advisories/31076
                                                                              Tags : third-party-advisory, x_refsource_SECUNIA
                                                                              http://www.ubuntu.com/usn/usn-619-1
                                                                              Tags : vendor-advisory, x_refsource_UBUNTU
                                                                              http://secunia.com/advisories/30911
                                                                              Tags : third-party-advisory, x_refsource_SECUNIA
                                                                              http://www.redhat.com/support/errata/RHSA-2008-0569.html
                                                                              Tags : vendor-advisory, x_refsource_REDHAT
                                                                              http://secunia.com/advisories/30878
                                                                              Tags : third-party-advisory, x_refsource_SECUNIA
                                                                              http://secunia.com/advisories/34501
                                                                              Tags : third-party-advisory, x_refsource_SECUNIA
                                                                              http://www.mandriva.com/security/advisories?name=MDVSA-2008:136
                                                                              Tags : vendor-advisory, x_refsource_MANDRIVA