CVE-2008-2933 in Firefox
요약 (영어)
Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets | (pipe) characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely handled by a vector application, as exploited in conjunction with CVE-2008-2540. NOTE: this issue exists because of an insufficient fix for CVE-2005-2267.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
예약하다
2008. 06. 30.
공개
2008. 07. 17.
상태
확인됨
엔트리
VulDB provides additional information and datapoints for this CVE:
| 아이디 | 취약성 | CWE | 악용 | 대책 | CVE |
|---|---|---|---|---|---|
| 3786 | Mozilla Firefox XUL 권한 상승 | 20 | 높음 | 공식 수정 | CVE-2008-2933 |
| 3785 | Mozilla Firefox URI Launcher 권한 상승 | 20 | 개념 증명 | 공식 수정 | CVE-2008-2933 |