CVE-2008-4068

Impact:
Moderate
Public Date:
2008-09-23
Bugzilla:
463248: CVE-2008-4068 Mozilla local HTML file recource: bypass

The MITRE CVE dictionary describes this issue as:

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass "restrictions imposed on local HTML files," and obtain sensitive information and prompt users to write this information into a file, via directory traversal sequences in a resource: URI.

Find out more about CVE-2008-4068 from the MITRE CVE dictionary dictionary and NIST NVD.

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server) (thunderbird) RHSA-2008:0908 2008-10-01
Red Hat Enterprise Linux 5 RHSA-2008:0879 2008-09-24
Red Hat Enterprise Linux 4 RHSA-2008:0882 2008-09-24
Red Hat Enterprise Linux 4 (firefox) RHSA-2008:0879 2008-09-24
Red Hat Enterprise Linux 3 (seamonkey) RHSA-2008:0882 2008-09-24
Red Hat Enterprise Linux 4 (thunderbird) RHSA-2008:0908 2008-10-01
Red Hat Enterprise Linux 5 (thunderbird) RHSA-2008:0908 2008-10-01
Red Hat Enterprise Linux 2.1 (seamonkey) RHSA-2008:0882 2008-09-24

Affected Packages State

Platform Package State
Red Hat Enterprise Linux version 5 devhelp 0.12-19.el5 Fixed
Red Hat Enterprise Linux version 5 nss 3.12.1.1-1.el5 Fixed
Red Hat Enterprise Linux version 5 yelp 2.16.0-21.el5 Fixed
Red Hat Enterprise Linux version 5 xulrunner 1.9.0.2-5.el5 Fixed
Red Hat Enterprise Linux version 4 devhelp 0.10-0.10.el4 Fixed
Red Hat Enterprise Linux version 4 seamonkey 1.0.9-26.el4 Fixed

Mitigation

Last Modified

CVE description copyright © 2017, The MITRE Corporation