NVD

Id
2827  
Name
CVE-2008-2933  
Description
Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets "|" (pipe) characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely handled by a vector application, as exploited in conjunction with CVE-2008-2540. NOTE: this issue exists because of an insufficient fix for CVE-2005-2267.  
Reject
 
CVSS Version
2  
CVSS Score
2.6  
Severity
Low  
CVSS Base Score
2.6  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
4.9  
CVSS Vector
(AV:N/AC:H/Au:N/C:P/I:N/A:N)  
Pub Date
2017-01-03  
Published
2008-07-17  
Modified Date
2013-08-02  
Seq
2008-2933  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
17850 2827 CVE-2008-2933 oval:org.mitre.oval:def:11618  View
17851 2827 CVE-2008-2933 GLSA-200808-03  View
17852 2827 CVE-2008-2933 256408  View
17853 2827 CVE-2008-2933 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0238  View
17854 2827 CVE-2008-2933 DSA-1614  View
17855 2827 CVE-2008-2933 DSA-1615  View
17856 2827 CVE-2008-2933 DSA-1697  View
17857 2827 CVE-2008-2933 VU#130923  View
17858 2827 CVE-2008-2933 MDVSA-2008:148  View
17859 2827 CVE-2008-2933 http://www.mozilla.org/security/announce/2008/mfsa2008-35.html  View
17860 2827 CVE-2008-2933 http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5031400  View
17861 2827 CVE-2008-2933 RHSA-2008:0597  View
17862 2827 CVE-2008-2933 RHSA-2008:0598  View
17863 2827 CVE-2008-2933 20080729 rPSA-2008-0238-1 firefox  View
17864 2827 CVE-2008-2933 30242  View
17865 2827 CVE-2008-2933 1020500  View
17866 2827 CVE-2008-2933 SSA:2008-198-01  View
17867 2827 CVE-2008-2933 USN-623-1  View
17868 2827 CVE-2008-2933 USN-626-1  View
17869 2827 CVE-2008-2933 USN-626-2  View
17870 2827 CVE-2008-2933 ADV-2009-0977  View
17871 2827 CVE-2008-2933 firefox-commandline-uri-security-bypass(43832)  View
17872 2827 CVE-2008-2933 https://bugzilla.mozilla.org/show_bug.cgi?id=441120  View
17873 2827 CVE-2008-2933 https://issues.rpath.com/browse/RPL-2683  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
46257 JVNDB-2008-001567 Mozilla Firefox における任意のローカルファイルを読み取られる脆弱性 Mozilla Firefox には、マルチタブを開くためのリクエストとしてコマンドライン URI 内の "|" (パイプ) 文字を解釈することにより、chrome:i URI にアクセスされる、または任意のローカルファイルを読み取られる脆弱性が存在します。 CVE-2008-2933 33046 CVE-2008-2933 2827 2.6 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001567.html 2008-07-15 2009-04-27 View