← Back

CVE-2008-2808

nvd nist
Published: Jul 7, 2008Modified: Apr 23, 2026

JSON object

Loading...
4.3
Vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
Exploitability: 8.6 / Impact: 2.9
Source: NVD

Description

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename.

Affected (35)

Mozilla
3 products
Firefox
Seamonkey
Thunderbird
Configuration A
35 vulnerable · 29 platform
Vulnerable SoftwareAffected Versions
Mozilla
Firefox
Version 2.0.0.11
Firefox
Version 2.0.0.12
Firefox
Version 2.0.0.13
Firefox
Version 2.0.0.14
Firefox
Version 2.0.0.2
Firefox
Version 2.0.0.3
Firefox
Version 2.0
Firefox
Version 2.0 beta_1
Firefox
Version 2.0 rc2
Firefox
Version 2.0 rc3
Firefox
Version 2.0_.10
Firefox
Version 2.0_.1
Firefox
Version 2.0_.4
Firefox
Version 2.0_.5
Firefox
Version 2.0_.6
Firefox
Version 2.0_.9
Firefox
Version 2.0_8
Mozilla
Seamonkey
Version 1.1.1
Seamonkey
Version 1.1.2
Seamonkey
Version 1.1.3
Seamonkey
Version 1.1.4
Seamonkey
Version 1.1.5
Seamonkey
Version 1.1.6
Seamonkey
Version 1.1.7
Seamonkey
Version 1.1.8
Seamonkey
Version 1.1.9
Seamonkey
Version 1.1 beta
Mozilla
Thunderbird
Version 2.0_.12
Thunderbird
Version 2.0_.13
Thunderbird
Version 2.0_.14
Thunderbird
Version 2.0_.4
Thunderbird
Version 2.0_.5
Thunderbird
Version 2.0_.6
Thunderbird
Version 2.0_.9
Thunderbird
Version 2.0_8
Running on/withPlatform Versions
Redhat
Advanced Workstation For The Itanium Processor
Version 2.1
Redhat
Desktop
Version 3.0
Redhat
Desktop
Version 4.0
Redhat
Enterprise Linux
Version 5_server
Redhat
Enterprise Linux
Version as_2.1
Redhat
Enterprise Linux
Version as_3
Redhat
Enterprise Linux
Version as_4
Redhat
Enterprise Linux
Version es_2.1
Redhat
Enterprise Linux
Version es_3
Redhat
Enterprise Linux
Version es_4
Redhat
Enterprise Linux
Version ws_2.1
Redhat
Enterprise Linux
Version ws_3
Redhat
Enterprise Linux
Version ws_4
Redhat
Enterprise Linux Desktop
Version 5_client
Redhat
Enterprise Linux Desktop Workstation
Version 5_client
Redhat
Fedora
Version 8
Ubuntu
Ubuntu Linux
Version 6.06
Ubuntu
Ubuntu Linux
Version 6.06
Ubuntu
Ubuntu Linux
Version 6.06
Ubuntu
Ubuntu Linux
Version 6.06
Ubuntu
Ubuntu Linux
Version 7.04
Ubuntu
Ubuntu Linux
Version 7.04
Ubuntu
Ubuntu Linux
Version 7.04
Ubuntu
Ubuntu Linux
Version 7.04
Ubuntu
Ubuntu Linux
Version 7.10
Ubuntu
Ubuntu Linux
Version 7.10
Ubuntu
Ubuntu Linux
Version 7.10
Ubuntu
Ubuntu Linux
Version 7.10
Ubuntu
Ubuntu Linux
Version 7.10

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (88)

Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Vendor Advisory
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.