CVE-2008-2810 — Mozilla Firefox vulnerability

CWE-26411 documents6 sources

Severity

6.8MEDIUMNVD

NVD4.3

EPSS

0.9%

top 23.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Canonical Ubuntu Linux +1 more

Timeline

PublishedJul 7

Latest updateMay 2

Description

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly identify the context of Windows shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site for which the user has previously saved a shortcut.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶NVDmozilla/firefox2.0.0.14+21

▶NVDmozilla/seamonkey1.1.9+23

Also affects: Debian Linux 4.0, Ubuntu Linux 6.06, 7.10, 8.04, 8.10

🔴Vulnerability Details

GHSA

GHSA-6m7x-v5gc-rvvh: Mozilla Firefox 3↗2022-05-02

▶

GHSA

GHSA-fv8w-wmhg-965x: Mozilla Firefox before 2↗2022-05-01

▶

💥Exploits & PoCs

Exploit-DB

HP iMC Plat 7.2 - Remote Code Execution↗2017-11-28

▶

Exploit-DB

Joomla! Component ChronoForms 2.3.5 - Remote File Inclusion↗2008-01-30

▶

📋Vendor Advisories

Red Hat

Mozilla same origin policy bypass↗2008-10-08

▶

Red Hat

Firefox arbitrary file disclosure↗2008-07-02

▶

Ubuntu

Firefox vulnerabilities↗2008-07-02

▶

💬Community

Bugzilla

CVE-2008-4582 Mozilla same origin policy bypass↗2008-11-10

▶

Bugzilla

CVE-2008-2810 Firefox arbitrary file disclosure↗2008-06-24

▶