CVE-2008-0414Improper Input Validation in Mozilla Firefox

CWE-20Improper Input Validation5 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
1.9%
top 16.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla FirefoxMozilla Seamonkey
Timeline
PublishedFeb 8
Latest updateMay 1

Description

Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to trick the user into uploading arbitrary files via label tags that shift focus to a file input field, aka "focus spoofing."

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

NVDmozilla/firefox2.0.0.11

🔴Vulnerability Details

1
GHSA
GHSA-wrq6-8pjf-94rp: Mozilla Firefox before 22022-05-01

📋Vendor Advisories

2
Ubuntu
Firefox vulnerabilities2008-02-08
Red Hat
mozilla: multiple file input focus stealing vulnerabilities2008-02-07

💬Community

1
Bugzilla
CVE-2008-0414 mozilla: multiple file input focus stealing vulnerabilities2008-02-08
CVE-2008-0414 — Improper Input Validation in Mozilla | cvebase