Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2008-2933 | First vendor Publication | 2008-07-17 |
Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:H/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 2.6 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | High |
Cvss Exploit Score | 4.9 | Authentication | None Required |
Detail
Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' (pipe) characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely handled by a vector application, as exploited in conjunction with CVE-2008-2540. NOTE: this issue exists because of an insufficient fix for CVE-2005-2267. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2933 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11618 | |||
Oval ID: | oval:org.mitre.oval:def:11618 | ||
Title: | Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' (pipe) characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely handled by a vector application, as exploited in conjunction with CVE-2008-2540. NOTE: this issue exists because of an insufficient fix for CVE-2005-2267. | ||
Description: | Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' (pipe) characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely handled by a vector application, as exploited in conjunction with CVE-2008-2540. NOTE: this issue exists because of an insufficient fix for CVE-2005-2267. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-2933 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:17644 | |||
Oval ID: | oval:org.mitre.oval:def:17644 | ||
Title: | USN-626-2 -- devhelp, epiphany-browser, midbrowser, yelp update | ||
Description: | USN-626-1 fixed vulnerabilities in xulrunner-1.9. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-626-2 CVE-2008-2785 CVE-2008-2933 | Version: | 7 |
Platform(s): | Ubuntu 8.04 | Product(s): | devhelp epiphany-browser midbrowser yelp |
Definition Id: oval:org.mitre.oval:def:17681 | |||
Oval ID: | oval:org.mitre.oval:def:17681 | ||
Title: | USN-623-1 -- firefox vulnerabilities | ||
Description: | A flaw was discovered in the browser engine. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-623-1 CVE-2008-2785 CVE-2008-2933 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 7.04 Ubuntu 7.10 | Product(s): | firefox |
Definition Id: oval:org.mitre.oval:def:18500 | |||
Oval ID: | oval:org.mitre.oval:def:18500 | ||
Title: | DSA-1615-1 xulrunner - several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1615-1 CVE-2008-2785 CVE-2008-2798 CVE-2008-2799 CVE-2008-2800 CVE-2008-2801 CVE-2008-2802 CVE-2008-2803 CVE-2008-2805 CVE-2008-2807 CVE-2008-2808 CVE-2008-2809 CVE-2008-2811 CVE-2008-2933 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | xulrunner |
Definition Id: oval:org.mitre.oval:def:19875 | |||
Oval ID: | oval:org.mitre.oval:def:19875 | ||
Title: | DSA-1614-1 iceweasel - several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1614-1 CVE-2008-2785 CVE-2008-2933 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | iceweasel |
Definition Id: oval:org.mitre.oval:def:7461 | |||
Oval ID: | oval:org.mitre.oval:def:7461 | ||
Title: | DSA-1614 iceweasel -- several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that missing boundary checks on a reference counter for CSS objects can lead to the execution of arbitrary code. Billy Rios discovered that passing an URL containing a pipe symbol to Iceweasel can lead to Chrome privilege escalation. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1614 CVE-2008-2785 CVE-2008-2933 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | iceweasel |
Definition Id: oval:org.mitre.oval:def:8044 | |||
Oval ID: | oval:org.mitre.oval:def:8044 | ||
Title: | DSA-1615 xulrunner -- several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that missing boundary checks on a reference counter for CSS objects can lead to the execution of arbitrary code. Devon Hubbard, Jesse Ruderman and Martijn Wargers discovered crashes in the layout engine, which might allow the execution of arbitrary code. Igor Bukanov, Jesse Ruderman and Gary Kwong discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. moz_bug_r_a4 discovered several cross-site scripting vulnerabilities. Collin Jackson and Adam Barth discovered that Javascript code could be executed in the context of signed JAR archives. moz_bug_r_a4 discovered that XUL documents can escalate privileges by accessing the pre-compiled fastload file. moz_bug_r_a4 discovered that missing input sanitising in the mozIJSSubScriptLoader.loadSubScript() function could lead to the execution of arbitrary code. Iceweasel itself is not affected, but some addons are. Claudio Santambrogio discovered that missing access validation in DOM parsing allows malicious web sites to force the browser to upload local files to the server, which could lead to information disclosure. Daniel Glazman discovered that a programming error in the code for parsing .properties files could lead to memory content being exposed to addons, which could lead to information disclosure. Masahiro Yamada discovered that file URLs in directory listings were insufficiently escaped. John G. Myers, Frank Benkstein and Nils Toedtmann discovered that alternate names on self-signed certificates were handled insufficiently, which could lead to spoofing of secure connections. Greg McManus discovered a crash in the block reflow code, which might allow the execution of arbitrary code. 
Billy Rios discovered that passing an URL containing a pipe symbol to Iceweasel can lead to Chrome privilege escalation. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1615 CVE-2008-2785 CVE-2008-2798 CVE-2008-2799 CVE-2008-2800 CVE-2008-2801 CVE-2008-2802 CVE-2008-2803 CVE-2008-2805 CVE-2008-2807 CVE-2008-2808 CVE-2008-2809 CVE-2008-2811 CVE-2008-2933 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | xulrunner |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-10-13 | Name : SLES10: Security update for MozillaFirefox File : nvt/sles10_MozillaFirefox1.nasl |
2009-04-09 | Name : Mandriva Update for mozilla-firefox MDVSA-2008:148 (mozilla-firefox) File : nvt/gb_mandriva_MDVSA_2008_148.nasl |
2009-03-23 | Name : Ubuntu Update for devhelp, epiphany-browser, midbrowser, yelp update USN-626-2 File : nvt/gb_ubuntu_USN_626_2.nasl |
2009-03-23 | Name : Ubuntu Update for firefox-3.0, xulrunner-1.9 vulnerabilities USN-626-1 File : nvt/gb_ubuntu_USN_626_1.nasl |
2009-03-23 | Name : Ubuntu Update for firefox vulnerabilities USN-623-1 File : nvt/gb_ubuntu_USN_623_1.nasl |
2009-03-23 | Name : Ubuntu Update for linux, linux-source-2.6.15/20/22 vulnerabilities USN-637-1 File : nvt/gb_ubuntu_USN_637_1.nasl |
2009-03-06 | Name : RedHat Update for firefox RHSA-2008:0597-01 File : nvt/gb_RHSA-2008_0597-01_firefox.nasl |
2009-03-06 | Name : RedHat Update for firefox RHSA-2008:0598-02 File : nvt/gb_RHSA-2008_0598-02_firefox.nasl |
2009-02-27 | Name : CentOS Update for firefox CESA-2008:0598 centos3 i386 File : nvt/gb_CESA-2008_0598_firefox_centos3_i386.nasl |
2009-02-27 | Name : CentOS Update for firefox CESA-2008:0598 centos3 x86_64 File : nvt/gb_CESA-2008_0598_firefox_centos3_x86_64.nasl |
2009-02-17 | Name : Fedora Update for liferea FEDORA-2008-6491 File : nvt/gb_fedora_2008_6491_liferea_fc8.nasl |
2009-02-17 | Name : Fedora Update for openvrml FEDORA-2008-6491 File : nvt/gb_fedora_2008_6491_openvrml_fc8.nasl |
2009-02-17 | Name : Fedora Update for ruby-gnome2 FEDORA-2008-6491 File : nvt/gb_fedora_2008_6491_ruby-gnome2_fc8.nasl |
2009-02-17 | Name : Fedora Update for yelp FEDORA-2008-6491 File : nvt/gb_fedora_2008_6491_yelp_fc8.nasl |
2009-02-17 | Name : Fedora Update for devhelp FEDORA-2008-6518 File : nvt/gb_fedora_2008_6518_devhelp_fc9.nasl |
2009-02-17 | Name : Fedora Update for epiphany-extensions FEDORA-2008-6518 File : nvt/gb_fedora_2008_6518_epiphany-extensions_fc9.nasl |
2009-02-17 | Name : Fedora Update for epiphany FEDORA-2008-6518 File : nvt/gb_fedora_2008_6518_epiphany_fc9.nasl |
2009-02-17 | Name : Fedora Update for firefox FEDORA-2008-6518 File : nvt/gb_fedora_2008_6518_firefox_fc9.nasl |
2009-02-17 | Name : Fedora Update for xulrunner FEDORA-2008-6518 File : nvt/gb_fedora_2008_6518_xulrunner_fc9.nasl |
2009-02-17 | Name : Fedora Update for yelp FEDORA-2008-6518 File : nvt/gb_fedora_2008_6518_yelp_fc9.nasl |
2009-02-17 | Name : Fedora Update for gtkmozembedmm FEDORA-2008-6491 File : nvt/gb_fedora_2008_6491_gtkmozembedmm_fc8.nasl |
2009-02-17 | Name : Fedora Update for kazehakase FEDORA-2008-6491 File : nvt/gb_fedora_2008_6491_kazehakase_fc8.nasl |
2009-02-17 | Name : Fedora Update for gnome-web-photo FEDORA-2008-6491 File : nvt/gb_fedora_2008_6491_gnome-web-photo_fc8.nasl |
2009-02-17 | Name : Fedora Update for gnome-python2-extras FEDORA-2008-6491 File : nvt/gb_fedora_2008_6491_gnome-python2-extras_fc8.nasl |
2009-02-17 | Name : Fedora Update for galeon FEDORA-2008-6491 File : nvt/gb_fedora_2008_6491_galeon_fc8.nasl |
2009-02-17 | Name : Fedora Update for firefox FEDORA-2008-6491 File : nvt/gb_fedora_2008_6491_firefox_fc8.nasl |
2009-02-17 | Name : Fedora Update for epiphany FEDORA-2008-6491 File : nvt/gb_fedora_2008_6491_epiphany_fc8.nasl |
2009-02-17 | Name : Fedora Update for epiphany-extensions FEDORA-2008-6491 File : nvt/gb_fedora_2008_6491_epiphany-extensions_fc8.nasl |
2009-02-17 | Name : Fedora Update for devhelp FEDORA-2008-6491 File : nvt/gb_fedora_2008_6491_devhelp_fc8.nasl |
2009-02-17 | Name : Fedora Update for chmsee FEDORA-2008-6491 File : nvt/gb_fedora_2008_6491_chmsee_fc8.nasl |
2009-02-17 | Name : Fedora Update for cairo-dock FEDORA-2008-6491 File : nvt/gb_fedora_2008_6491_cairo-dock_fc8.nasl |
2009-02-17 | Name : Fedora Update for blam FEDORA-2008-6491 File : nvt/gb_fedora_2008_6491_blam_fc8.nasl |
2009-02-17 | Name : Fedora Update for Miro FEDORA-2008-6491 File : nvt/gb_fedora_2008_6491_Miro_fc8.nasl |
2009-01-13 | Name : Debian Security Advisory DSA 1697-1 (iceape) File : nvt/deb_1697_1.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200808-03 (mozilla ...) File : nvt/glsa_200808_03.nasl |
2008-08-15 | Name : Debian Security Advisory DSA 1615-1 (xulrunner) File : nvt/deb_1615_1.nasl |
2008-08-15 | Name : Debian Security Advisory DSA 1614-1 (iceweasel) File : nvt/deb_1614_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2008-198-01 mozilla-firefox File : nvt/esoft_slk_ssa_2008_198_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
47465 | Mozilla Firefox Command-line URI Handling Pipe Character Arbitrary File Access |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2008-0598.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0597.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080716_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0597.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaFirefox-080731.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-148.nasl - Type : ACT_GATHER_INFO |
2009-01-08 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1697.nasl - Type : ACT_GATHER_INFO |
2008-08-26 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-637-1.nasl - Type : ACT_GATHER_INFO |
2008-08-07 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200808-03.nasl - Type : ACT_GATHER_INFO |
2008-08-05 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-626-2.nasl - Type : ACT_GATHER_INFO |
2008-07-29 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-5449.nasl - Type : ACT_GATHER_INFO |
2008-07-29 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-5450.nasl - Type : ACT_GATHER_INFO |
2008-07-29 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-626-1.nasl - Type : ACT_GATHER_INFO |
2008-07-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1614.nasl - Type : ACT_GATHER_INFO |
2008-07-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1615.nasl - Type : ACT_GATHER_INFO |
2008-07-18 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2008-6518.nasl - Type : ACT_GATHER_INFO |
2008-07-18 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-198-01.nasl - Type : ACT_GATHER_INFO |
2008-07-18 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2008-6491.nasl - Type : ACT_GATHER_INFO |
2008-07-18 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-623-1.nasl - Type : ACT_GATHER_INFO |
2008-07-17 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_301.nasl - Type : ACT_GATHER_INFO |
2008-07-17 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2008-0598.nasl - Type : ACT_GATHER_INFO |
2008-07-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0597.nasl - Type : ACT_GATHER_INFO |
2008-07-17 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2008-0598.nasl - Type : ACT_GATHER_INFO |
2008-07-16 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_20016.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)