CVE-2008-2805Improper Input Validation in Mozilla Firefox

CWE-20Improper Input Validation5 documents5 sources
Severity
5.0MEDIUMNVD
EPSS
2.2%
top 15.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla FirefoxMozilla Seamonkey
Timeline
PublishedJul 7
Latest updateMay 1

Description

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to force the upload of arbitrary local files from a client computer via vectors involving originalTarget and DOM Range.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDmozilla/firefox2.0.0.14+14
NVDmozilla/seamonkey1.1.9+8

🔴Vulnerability Details

1
GHSA
GHSA-f68w-gqr4-452p: Mozilla Firefox before 22022-05-01

📋Vendor Advisories

2
Red Hat
Firefox arbitrary file disclosure2008-07-02
Ubuntu
Firefox vulnerabilities2008-07-02

💬Community

1
Bugzilla
CVE-2008-2805 Firefox arbitrary file disclosure2008-06-24
CVE-2008-2805 — Improper Input Validation in Mozilla | cvebase