Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-4582: Link Following in Mozilla Firefox

Severity: 5.1 MEDIUM NVD
NVD 4.3 | CNA 6.8 | CNA 4.3
EPSS: 35.6% (top 2.92%)
CISA KEV: Not in KEV
Exploit: PoC available
Timeline
Published: Oct 15
Latest update: May 2

Description

Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13, when running on Windows, do not properly identify the context of Windows .url shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via an HTML document that is directly accessible through a filesystem, as demonstrated by documents in (1) local folders, (2) Windows share folders, and (3) RAR archives, and as demonstrated by IFR

CVSS vector

AV:N/AC:M/C:P/I:N/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (2 packages)

NVD | mozilla/firefox | 3.0.5 +80
NVD | mozilla/seamonkey | 23 versions +22

Also affects: Debian Linux 4.0, Ubuntu Linux 6.06, 7.10, 8.04, 8.10

🔴 Vulnerability Details (4)

GHSA | GHSA-95pc-m84q-vvmm: Mozilla Firefox before 3 | 2022-05-02
GHSA | GHSA-6m7x-v5gc-rvvh: Mozilla Firefox 3 | 2022-05-02
CVEList | CVE-2009-0356: Mozilla Firefox before 3 | 2009-02-04
CVEList | CVE-2008-4582: Mozilla Firefox 3 | 2008-10-15

💥 Exploits & PoCs (1)

Exploit-DB | Mozilla Firefox 3.0.3 - Internet Shortcut Same Origin Policy Violation | 2008-10-07

📋 Vendor Advisories (3)

Red Hat | Firefox Chrome privilege escalation via local .desktop files | 2009-02-03
Ubuntu | Firefox and xulrunner vulnerabilities | 2008-11-17
Red Hat | Mozilla same origin policy bypass | 2008-10-08

💬 Community (1)

Bugzilla | CVE-2008-4582 Mozilla same origin policy bypass | 2008-11-10