CVE-2008-4582

NONECVSS 0.0

0.0

Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13, when running on Windows, do not properly identify the context of Windows .url shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via an HTML document that is directly accessible through a filesystem, as demonstrated by documents in (1) local folders, (2) Windows share folders, and (3) RAR archives, and as demonstrated by IFRAMEs referencing shortcuts that point to (a) about:cache?device=memory and (b) about:cache?device=disk, a variant of CVE-2008-2810.

🔗 References (64)

cve@mitrehttp://liudieyu0.blog124.fc2.com/blog-entry-6.html
cve@mitrehttp://secunia.com/advisories/32192
cve@mitrehttp://secunia.com/advisories/32684
cve@mitrehttp://secunia.com/advisories/32693
cve@mitrehttp://secunia.com/advisories/32714
cve@mitrehttp://secunia.com/advisories/32721
cve@mitrehttp://secunia.com/advisories/32778
cve@mitrehttp://secunia.com/advisories/32845
cve@mitrehttp://secunia.com/advisories/32853
cve@mitrehttp://secunia.com/advisories/33433
cve@mitrehttp://secunia.com/advisories/33434
cve@mitrehttp://secunia.com/advisories/34501
cve@mitrehttp://securityreason.com/securityalert/4416
cve@mitrehttp://securitytracker.com/alerts/2008/Nov/1021212.html
cve@mitrehttp://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

Is Your Infrastructure Affected by CVE-2008-4582?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2008-4582

📅 Published

🔄 Last Modified

🔗 References (64)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2008-4582?