CVE - CVE-2008-2810

CVE-ID
CVE-2008-2810	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly identify the context of Windows shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site for which the user has previously saved a shortcut.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:30038 URL:http://www.securityfocus.com/bid/30038 BUGTRAQ:20080708 rPSA-2008-0216-1 firefox URL:http://www.securityfocus.com/archive/1/494080/100/0/threaded CONFIRM:http://wiki.rpath.com/Advisories:rPSA-2008-0216 CONFIRM:http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15 CONFIRM:http://www.mozilla.org/security/announce/2008/mfsa2008-32.html CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=410156 CONFIRM:https://issues.rpath.com/browse/RPL-2646 DEBIAN:DSA-1697 URL:http://www.debian.org/security/2009/dsa-1697 FEDORA:FEDORA-2008-6127 URL:https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html FEDORA:FEDORA-2008-6193 URL:https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html FEDORA:FEDORA-2008-6196 URL:https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html GENTOO:GLSA-200808-03 URL:http://security.gentoo.org/glsa/glsa-200808-03.xml OVAL:oval:org.mitre.oval:def:9593 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9593 REDHAT:RHSA-2008:0547 URL:http://www.redhat.com/support/errata/RHSA-2008-0547.html REDHAT:RHSA-2008:0549 URL:http://www.redhat.com/support/errata/RHSA-2008-0549.html REDHAT:RHSA-2008:0569 URL:http://www.redhat.com/support/errata/RHSA-2008-0569.html REDHAT:RHSA-2008:0616 URL:http://rhn.redhat.com/errata/RHSA-2008-0616.html SECTRACK:1020419 URL:http://www.securitytracker.com/id?1020419 SECUNIA:30878 URL:http://secunia.com/advisories/30878 SECUNIA:30898 URL:http://secunia.com/advisories/30898 SECUNIA:30903 URL:http://secunia.com/advisories/30903 SECUNIA:30911 URL:http://secunia.com/advisories/30911 SECUNIA:30949 URL:http://secunia.com/advisories/30949 SECUNIA:31005 URL:http://secunia.com/advisories/31005 SECUNIA:31008 URL:http://secunia.com/advisories/31008 SECUNIA:31021 URL:http://secunia.com/advisories/31021 SECUNIA:31023 URL:http://secunia.com/advisories/31023 SECUNIA:31076 URL:http://secunia.com/advisories/31076 SECUNIA:31195 URL:http://secunia.com/advisories/31195 SECUNIA:31377 URL:http://secunia.com/advisories/31377 SECUNIA:33433 URL:http://secunia.com/advisories/33433 SLACKWARE:SSA:2008-191 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911 SLACKWARE:SSA:2008-191-03 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152 SUSE:SUSE-SA:2008:034 URL:http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html UBUNTU:USN-619-1 URL:http://www.ubuntu.com/usn/usn-619-1 VUPEN:ADV-2008-1993 URL:~~http://www.vupen.com/english/advisories/2008/1993/references~~ (Obsolete source)
Assigning CNA
Red Hat, Inc.
Date Record Created
20080620	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20080620)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)