CVE-2008-2810

Severity

68%

Complexity

86%

Confidentiality

106%

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly identify the context of Windows shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site for which the user has previously saved a shortcut.

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly identify the context of Windows shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site for which the user has previously saved a shortcut.

CVSS 2.0 Base Score 6.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).

Overview

Type

Mozilla

First reported 16 years ago

2008-07-07 23:41:00

Last updated 6 years ago

2018-10-11 20:44:00

Affected Software

Mozilla Firefox 2.0

2.0

Mozilla Firefox 2.0.0.1

2.0.0.1

Mozilla Firefox 2.0.0.2

2.0.0.2

Mozilla Firefox 2.0.0.3

2.0.0.3

Mozilla Firefox 2.0.0.4

2.0.0.4

Mozilla Firefox 2.0.0.5

2.0.0.5

Mozilla Firefox 2.0.0.6

2.0.0.6

Mozilla Firefox 2.0.0.7

2.0.0.7

Mozilla Firefox 2.0.0.8

2.0.0.8

Mozilla Firefox 2.0.0.9

2.0.0.9

Mozilla Firefox 2.0.0.10

2.0.0.10

Mozilla Firefox 2.0.0.11

2.0.0.11

Mozilla Firefox 2.0.0.12

2.0.0.12

Mozilla Firefox 2.0.0.13

2.0.0.13

Mozilla Firefox

Mozilla SeaMonkey 1.1

1.1

Mozilla Seamonkey 1.1.2

1.1.2

Mozilla Seamonkey 1.1.3

1.1.3

Mozilla Seamonkey 1.1.4

1.1.4

Mozilla Seamonkey 1.1.5

1.1.5

Mozilla Seamonkey 1.1.6

1.1.6

Mozilla Seamonkey 1.1.7

1.1.7

Mozilla SeaMonkey 1.1.8

1.1.8

Mozilla SeaMonkey

References

SUSE-SA:2008:034

RHSA-2008:0616

30878

30898

30903

30911

Vendor Advisory

30949

31005

31008

31021

31023

31076

31195

31377

33433

GLSA-200808-03

SSA:2008-191-03

SSA:2008-191

http://wiki.rpath.com/Advisories:rPSA-2008-0216

DSA-1697

http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15

http://www.mozilla.org/security/announce/2008/mfsa2008-32.html

RHSA-2008:0547

RHSA-2008:0549

RHSA-2008:0569

20080708 rPSA-2008-0216-1 firefox

30038

1020419

USN-619-1

ADV-2008-1993

https://bugzilla.mozilla.org/show_bug.cgi?id=410156

https://issues.rpath.com/browse/RPL-2646

oval:org.mitre.oval:def:9593

FEDORA-2008-6127

FEDORA-2008-6193

FEDORA-2008-6196

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.