CVE-2008-4067Path Traversal in Mozilla Firefox

CWE-22Path Traversal9 documents6 sources
Severity
4.3MEDIUMNVD
EPSS
2.1%
top 16.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Mozilla FirefoxMozilla SeamonkeyMozilla Thunderbird+2 more
Timeline
PublishedSep 24
Latest updateMay 2

Description

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 on Linux allows remote attackers to read arbitrary files via a .. (dot dot) and URL-encoded / (slash) characters in a resource: URI.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

NVDmozilla/firefox3.03.0.2+1
NVDmozilla/seamonkey< 1.1.12
NVDmozilla/thunderbird< 2.0.0.17

Also affects: Debian Linux 4.0, Ubuntu Linux 6.06, 7.04, 7.10, 8.04

🔴Vulnerability Details

2
GHSA
GHSA-x8g4-45jp-4ff6: Directory traversal vulnerability in Mozilla Firefox before 22022-05-02
CVEList
CVE-2008-4067: Directory traversal vulnerability in Mozilla Firefox before 22008-09-24

📋Vendor Advisories

5
Ubuntu
Thunderbird vulnerabilities2008-09-26
Ubuntu
Firefox and xulrunner regression2008-09-25
Ubuntu
Firefox vulnerabilities2008-09-24
Ubuntu
Firefox and xulrunner vulnerabilities2008-09-24
Red Hat
resource: traversal vulnerability2008-09-23

💬Community

1
Bugzilla
CVE-2008-4067 Mozilla resource: traversal vulnerability2008-09-22
CVE-2008-4067 — Path Traversal in Mozilla Firefox | cvebase