MEDIUM · 4.3

CVE-2008-2808

Vulnerability Description

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename.

CVSS Score

4.3 (MEDIUM)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE

Affected Products

Vendor    Product                                          Versions
Redhat    Advanced Workstation For The Itanium Processor   2.1
Redhat    Desktop                                          3.0
Redhat    Enterprise Linux                                 5_server
Redhat    Enterprise Linux Desktop                         5_client
Redhat    Enterprise Linux Desktop Workstation             5_client
Redhat    Fedora                                           8
Ubuntu    Ubuntu Linux                                     6.06
Mozilla   Firefox                                          2.0
Mozilla   Seamonkey                                        1.1
Mozilla   Thunderbird                                      2.0_.4

Related Weaknesses (CWE)

References

FAQ

What is CVE-2008-2808?

CVE-2008-2808 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attac...

How severe is CVE-2008-2808?

CVE-2008-2808 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-2808?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Advanced Workstation For The Itanium Processor, Redhat Desktop, Redhat Enterprise Linux, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Desktop Workstation.