Vulnerability Description
Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' (pipe) characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely handled by a vector application, as exploited in conjunction with CVE-2008-2540. NOTE: this issue exists because of an insufficient fix for CVE-2005-2267.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | <= 2.0.0.15 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/31106
- http://secunia.com/advisories/31120
- http://secunia.com/advisories/31121
- http://secunia.com/advisories/31129
- http://secunia.com/advisories/31145
- http://secunia.com/advisories/31157
- http://secunia.com/advisories/31176
- http://secunia.com/advisories/31183
- http://secunia.com/advisories/31261
- http://secunia.com/advisories/31270
- http://secunia.com/advisories/31306
- http://secunia.com/advisories/31377
- http://secunia.com/advisories/33433
- http://secunia.com/advisories/34501
- http://security.gentoo.org/glsa/glsa-200808-03.xml
FAQ
What is CVE-2008-2933?
CVE-2008-2933 is a vulnerability with a CVSS score of 2.6 (LOW). Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' (pipe) characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, ...
How severe is CVE-2008-2933?
CVE-2008-2933 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-2933?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox.