CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
87.3%
Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and
SeaMonkey 1.x before 1.1.13, when running on Windows, do not properly
identify the context of Windows .url shortcut files, which allows
user-assisted remote attackers to bypass the Same Origin Policy and obtain
sensitive information via an HTML document that is directly accessible
through a filesystem, as demonstrated by documents in (1) local folders,
(2) Windows share folders, and (3) RAR archives, and as demonstrated by
IFRAMEs referencing shortcuts that point to (a) about:cache?device=memory
and (b) about:cache?device=disk, a variant of CVE-2008-2810.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.06 | noarch | firefox | <Β 1.5.dfsg+1.5.0.15~prepatch080614h-0ubuntu1 | UNKNOWN |
ubuntu | 7.10 | noarch | firefox | <Β 2.0.0.18+nobinonly-0ubuntu0.7.10 | UNKNOWN |
ubuntu | 8.04 | noarch | firefox | <Β 2.0.0.19+nobinonly1-0ubuntu0.8.04.1 | UNKNOWN |
ubuntu | 10.04 | noarch | firefox | <Β 3.0.4+nobinonly-0ubuntu0.8.04.1 | UNKNOWN |
ubuntu | 10.10 | noarch | firefox | <Β 3.0.4+nobinonly-0ubuntu0.8.04.1 | UNKNOWN |
ubuntu | 11.04 | noarch | firefox | <Β 3.0.4+nobinonly-0ubuntu0.8.04.1 | UNKNOWN |
ubuntu | 8.04 | noarch | firefox-3.0 | <Β 3.0.4+nobinonly-0ubuntu0.8.04.1 | UNKNOWN |
ubuntu | 8.10 | noarch | firefox-3.0 | <Β 3.0.4+nobinonly-0ubuntu0.8.10.1 | UNKNOWN |
ubuntu | 8.04 | noarch | seamonkey | <Β 1.1.15+nobinonly-0ubuntu0.8.04.2 | UNKNOWN |
ubuntu | 8.10 | noarch | seamonkey | <Β 1.1.15+nobinonly-0ubuntu0.8.10.2 | UNKNOWN |