Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2933

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2008-2933
Last Modified 02 Aug 2013 02:00:28
Published 17 Jul 2008 09:41:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2008-2933

Summary

Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' (pipe) characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely handled by a vector application, as exploited in conjunction with CVE-2008-2540. NOTE: this issue exists because of an insufficient fix for CVE-2005-2267.

Vulnerable Systems

Application

  • Mozilla Firefox 0.10

  • Mozilla Firefox 0.10.1

  • Mozilla Firefox 0.8

  • Mozilla Firefox 0.9

  • Mozilla Firefox 0.9.1

  • Mozilla Firefox 0.9.2

  • Mozilla Firefox 0.9.3

  • Mozilla Firefox 1.0

  • Mozilla Firefox 1.0.1

  • Mozilla Firefox 1.0.2

  • Mozilla Firefox 1.0.3

  • Mozilla Firefox 1.0.4

  • Mozilla Firefox 1.0.5

  • Mozilla Firefox 1.0.6

  • Mozilla Firefox 1.0.7

  • Mozilla Firefox 1.0.8

  • Mozilla Firefox 1.5

  • Mozilla Firefox 1.5.0.1

  • Mozilla Firefox 1.5.0.10

  • Mozilla Firefox 1.5.0.11

  • Mozilla Firefox 1.5.0.12

  • Mozilla Firefox 1.5.0.2

  • Mozilla Firefox 1.5.0.3

  • Mozilla Firefox 1.5.0.4

  • Mozilla Firefox 1.5.0.5

  • Mozilla Firefox 1.5.0.6

  • Mozilla Firefox 1.5.0.7

  • Mozilla Firefox 1.5.0.8

  • Mozilla Firefox 1.5.0.9

  • Mozilla Firefox 1.5.1

  • Mozilla Firefox 1.5.2

  • Mozilla Firefox 1.5.3

  • Mozilla Firefox 1.5.4

  • Mozilla Firefox 1.5.5

  • Mozilla Firefox 1.5.6

  • Mozilla Firefox 1.5.7

  • Mozilla Firefox 1.5.8

  • Mozilla Firefox 1.8

  • Mozilla Firefox 2.0

  • Mozilla Firefox 2.0 .1

  • Mozilla Firefox 2.0 .10

  • Mozilla Firefox 2.0 .4

  • Mozilla Firefox 2.0 .5

  • Mozilla Firefox 2.0 .6

  • Mozilla Firefox 2.0 .7

  • Mozilla Firefox 2.0 .9

  • Mozilla Firefox 2.0 8

  • Mozilla Firefox 2.0.0.1

  • Mozilla Firefox 2.0.0.10

  • Mozilla Firefox 2.0.0.11

  • Mozilla Firefox 2.0.0.12

  • Mozilla Firefox 2.0.0.13

  • Mozilla Firefox 2.0.0.14

  • Mozilla Firefox 2.0.0.15

  • Mozilla Firefox 2.0.0.2

  • Mozilla Firefox 2.0.0.3

  • Mozilla Firefox 2.0.0.4

  • Mozilla Firefox 2.0.0.5

  • Mozilla Firefox 2.0.0.6

  • Mozilla Firefox 2.0.0.7

  • Mozilla Firefox 2.0.0.8

  • Mozilla Firefox 2.0.0.9

  • Mozilla Firefox 3.0


References

CERT-VN - VU#130923

CONFIRM - https://issues.rpath.com/browse/RPL-2683

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=441120

XF - firefox-commandline-uri-security-bypass(43832)

VUPEN - ADV-2009-0977

UBUNTU - USN-626-2

UBUNTU - USN-626-1

UBUNTU - USN-623-1

SLACKWARE - SSA:2008-198-01

SECTRACK - 1020500

BID - 30242

BUGTRAQ - 20080729 rPSA-2008-0238-1 firefox

REDHAT - RHSA-2008:0598

REDHAT - RHSA-2008:0597

CONFIRM - http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5031400

CONFIRM - http://www.mozilla.org/security/announce/2008/mfsa2008-35.html

MANDRIVA - MDVSA-2008:148

DEBIAN - DSA-1697

DEBIAN - DSA-1615

DEBIAN - DSA-1614

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0238

SUNALERT - 256408

GENTOO - GLSA-200808-03

SECUNIA - 34501

SECUNIA - 33433

SECUNIA - 31377

SECUNIA - 31306

SECUNIA - 31270

SECUNIA - 31261

SECUNIA - 31183

SECUNIA - 31176

SECUNIA - 31157

SECUNIA - 31145

SECUNIA - 31129

SECUNIA - 31121

SECUNIA - 31120

SECUNIA - 31106


Last Updated: 27 May 2016 10:48:02