// For flags

CVE-2008-4582

Mozilla Firefox 3.0.3 - Internet Shortcut Same Origin Policy Violation

Severity Score

4.3
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13, when running on Windows, do not properly identify the context of Windows .url shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via an HTML document that is directly accessible through a filesystem, as demonstrated by documents in (1) local folders, (2) Windows share folders, and (3) RAR archives, and as demonstrated by IFRAMEs referencing shortcuts that point to (a) about:cache?device=memory and (b) about:cache?device=disk, a variant of CVE-2008-2810.

Mozilla Firefox 3.0.1 hasta la versión 3.0.3, Firefox 2.x en versiones anteriores a 2.0.0.18 y SeaMonkey 1.x en versiones anteriores a 1.1.13, cuando se ejecuta en Windows, no identifican correctamente el contexto de los archivos de acceso directo de Windows .url, lo que permite a atacantes remotos asistidos por usuario eludir la Same Origin Policy y obtener información sensible a través de un documento HTML que es accesible directamente a través de un sistema de archivos, como se demuestra por los documentos en (1) carpetas locales, (2) carpetas compartidas de Windows y (3) archivos RAR y como se demuestra por IFRAMEs referenciando shortcuts que apuntan a (a) about:cache?device=memory y (b) about:cache?device=disk, una variante de CVE-2008-2810.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2008-10-07 First Exploit
  • 2008-10-15 CVE Reserved
  • 2008-10-15 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-10-21 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (22)
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
3.0.1
Search vendor "Mozilla" for product "Firefox" and version "3.0.1"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
3.0.2
Search vendor "Mozilla" for product "Firefox" and version "3.0.2"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
3.0.3
Search vendor "Mozilla" for product "Firefox" and version "3.0.3"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
2.0
Search vendor "Mozilla" for product "Firefox" and version "2.0"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
2.0.0.1
Search vendor "Mozilla" for product "Firefox" and version "2.0.0.1"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
2.0.0.10
Search vendor "Mozilla" for product "Firefox" and version "2.0.0.10"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
2.0.0.11
Search vendor "Mozilla" for product "Firefox" and version "2.0.0.11"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
2.0.0.12
Search vendor "Mozilla" for product "Firefox" and version "2.0.0.12"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
2.0.0.13
Search vendor "Mozilla" for product "Firefox" and version "2.0.0.13"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
2.0.0.14
Search vendor "Mozilla" for product "Firefox" and version "2.0.0.14"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
2.0.0.15
Search vendor "Mozilla" for product "Firefox" and version "2.0.0.15"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
2.0.0.16
Search vendor "Mozilla" for product "Firefox" and version "2.0.0.16"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
2.0.0.17
Search vendor "Mozilla" for product "Firefox" and version "2.0.0.17"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Mozilla
Search vendor "Mozilla"
Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
1.0
Search vendor "Mozilla" for product "Seamonkey" and version "1.0"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Mozilla
Search vendor "Mozilla"
Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
1.0
Search vendor "Mozilla" for product "Seamonkey" and version "1.0"
alpha
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Mozilla
Search vendor "Mozilla"
Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
1.0
Search vendor "Mozilla" for product "Seamonkey" and version "1.0"
beta
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Mozilla
Search vendor "Mozilla"
Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
1.0.1
Search vendor "Mozilla" for product "Seamonkey" and version "1.0.1"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Mozilla
Search vendor "Mozilla"
Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
1.0.2
Search vendor "Mozilla" for product "Seamonkey" and version "1.0.2"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Mozilla
Search vendor "Mozilla"
Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
1.0.3
Search vendor "Mozilla" for product "Seamonkey" and version "1.0.3"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Mozilla
Search vendor "Mozilla"
Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
1.0.4
Search vendor "Mozilla" for product "Seamonkey" and version "1.0.4"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Mozilla
Search vendor "Mozilla"
Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
1.0.5
Search vendor "Mozilla" for product "Seamonkey" and version "1.0.5"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Mozilla
Search vendor "Mozilla"
Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
1.0.6
Search vendor "Mozilla" for product "Seamonkey" and version "1.0.6"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Mozilla
Search vendor "Mozilla"
Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
1.0.7
Search vendor "Mozilla" for product "Seamonkey" and version "1.0.7"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Mozilla
Search vendor "Mozilla"
Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
1.0.8
Search vendor "Mozilla" for product "Seamonkey" and version "1.0.8"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Mozilla
Search vendor "Mozilla"
Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
1.0.9
Search vendor "Mozilla" for product "Seamonkey" and version "1.0.9"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Mozilla
Search vendor "Mozilla"
Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
1.1
Search vendor "Mozilla" for product "Seamonkey" and version "1.1"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Mozilla
Search vendor "Mozilla"
Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
1.1
Search vendor "Mozilla" for product "Seamonkey" and version "1.1"
alpha
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Mozilla
Search vendor "Mozilla"
Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
1.1
Search vendor "Mozilla" for product "Seamonkey" and version "1.1"
beta
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Mozilla
Search vendor "Mozilla"
Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
1.1.1
Search vendor "Mozilla" for product "Seamonkey" and version "1.1.1"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Mozilla
Search vendor "Mozilla"
Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
1.1.2
Search vendor "Mozilla" for product "Seamonkey" and version "1.1.2"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Mozilla
Search vendor "Mozilla"
Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
1.1.3
Search vendor "Mozilla" for product "Seamonkey" and version "1.1.3"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Mozilla
Search vendor "Mozilla"
Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
1.1.4
Search vendor "Mozilla" for product "Seamonkey" and version "1.1.4"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Mozilla
Search vendor "Mozilla"
Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
1.1.5
Search vendor "Mozilla" for product "Seamonkey" and version "1.1.5"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Mozilla
Search vendor "Mozilla"
Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
1.1.6
Search vendor "Mozilla" for product "Seamonkey" and version "1.1.6"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Mozilla
Search vendor "Mozilla"
Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
1.1.7
Search vendor "Mozilla" for product "Seamonkey" and version "1.1.7"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Mozilla
Search vendor "Mozilla"
Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
1.1.8
Search vendor "Mozilla" for product "Seamonkey" and version "1.1.8"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Mozilla
Search vendor "Mozilla"
Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
1.1.9
Search vendor "Mozilla" for product "Seamonkey" and version "1.1.9"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Mozilla
Search vendor "Mozilla"
Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
1.1.10
Search vendor "Mozilla" for product "Seamonkey" and version "1.1.10"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Mozilla
Search vendor "Mozilla"
Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
1.1.11
Search vendor "Mozilla" for product "Seamonkey" and version "1.1.11"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Mozilla
Search vendor "Mozilla"
Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
1.1.12
Search vendor "Mozilla" for product "Seamonkey" and version "1.1.12"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
4.0
Search vendor "Debian" for product "Debian Linux" and version "4.0"
-
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
6.06
Search vendor "Canonical" for product "Ubuntu Linux" and version "6.06"
lts
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
7.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "7.10"
-
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
8.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "8.04"
lts
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
8.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "8.10"
-
Affected