CVE-2008-1241 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.3 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:N/I:P/A:N
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 87%

Vendor	Product	Version
mozilla	firefox	𝑥 ≤ 2.0.0.12
mozilla	seamonkey	𝑥 ≤ 1.1.8

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

firefox

intrepid	dne
hardy	Fixed 2.0.0.13+1nobinonly-0ubuntu1 released
gutsy	Fixed 2.0.0.13+1nobinonly-0ubuntu0.7.10 released
feisty	Fixed 2.0.0.13+0nobinonly-0ubuntu0.7.4 released
edgy	Fixed 2.0.0.13+0nobinonly-0ubuntu0.6.10 released
dapper	Fixed 1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1 released

iceape

intrepid	dne
hardy	dne
gutsy	ignored
feisty	dne
edgy	dne
dapper	dne

iceweasel

intrepid	dne
hardy	dne
gutsy	dne
feisty	dne
edgy	dne
dapper	dne

seamonkey

intrepid	Fixed 1.1.9+nobinonly-0ubuntu1 released
hardy	Fixed 1.1.9+nobinonly-0ubuntu1 released
gutsy	dne
feisty	dne
edgy	dne
dapper	dne

xulrunner

intrepid	Fixed 1.8.1.13+nobinonly-0ubuntu1 released
hardy	Fixed 1.8.1.13+nobinonly-0ubuntu1 released
gutsy	Fixed 1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.7.10.1 released
feisty	ignored
edgy	ignored
dapper	dne

Common Weakness Enumeration

CWE-59 - Improper Link Resolution Before File Access ('Link Following')
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References

http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html

http://rhn.redhat.com/errata/RHSA-2008-0208.html

http://secunia.com/advisories/29391

http://secunia.com/advisories/29526

http://secunia.com/advisories/29539

http://secunia.com/advisories/29541

http://secunia.com/advisories/29547

http://secunia.com/advisories/29550

http://secunia.com/advisories/29558

http://secunia.com/advisories/29560

http://secunia.com/advisories/29607

http://secunia.com/advisories/29616

http://secunia.com/advisories/29645

http://secunia.com/advisories/30327

http://secunia.com/advisories/30620

http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128

http://www.debian.org/security/2008/dsa-1532

http://www.debian.org/security/2008/dsa-1534

http://www.debian.org/security/2008/dsa-1535

http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml

http://www.mandriva.com/security/advisories?name=MDVSA-2008:080

http://www.mozilla.org/security/announce/2008/mfsa2008-19.html

http://www.redhat.com/support/errata/RHSA-2008-0207.html

http://www.redhat.com/support/errata/RHSA-2008-0209.html

http://www.securityfocus.com/archive/1/490196/100/0/threaded

http://www.securityfocus.com/bid/28448

http://www.securitytracker.com/id?1019700

http://www.ubuntu.com/usn/usn-592-1

http://www.us-cert.gov/cas/techalerts/TA08-087A.html

http://www.vupen.com/english/advisories/2008/0998/references

http://www.vupen.com/english/advisories/2008/1793/references

https://exchange.xforce.ibmcloud.com/vulnerabilities/41454

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11163

http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html

http://rhn.redhat.com/errata/RHSA-2008-0208.html

http://secunia.com/advisories/29391

http://secunia.com/advisories/29526

http://secunia.com/advisories/29539

http://secunia.com/advisories/29541

http://secunia.com/advisories/29547

http://secunia.com/advisories/29550

http://secunia.com/advisories/29558

http://secunia.com/advisories/29560

http://secunia.com/advisories/29607

http://secunia.com/advisories/29616

http://secunia.com/advisories/29645

http://secunia.com/advisories/30327

http://secunia.com/advisories/30620

http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128

http://www.debian.org/security/2008/dsa-1532

http://www.debian.org/security/2008/dsa-1534

http://www.debian.org/security/2008/dsa-1535

http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml

http://www.mandriva.com/security/advisories?name=MDVSA-2008:080

http://www.mozilla.org/security/announce/2008/mfsa2008-19.html

http://www.redhat.com/support/errata/RHSA-2008-0207.html

http://www.redhat.com/support/errata/RHSA-2008-0209.html

http://www.securityfocus.com/archive/1/490196/100/0/threaded

http://www.securityfocus.com/bid/28448

http://www.securitytracker.com/id?1019700

http://www.ubuntu.com/usn/usn-592-1

http://www.us-cert.gov/cas/techalerts/TA08-087A.html

http://www.vupen.com/english/advisories/2008/0998/references

http://www.vupen.com/english/advisories/2008/1793/references

https://exchange.xforce.ibmcloud.com/vulnerabilities/41454

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11163