Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2008-4582

EPSS 35.58% · P97
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2008-4582

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13, when running on Windows, do not properly identify the context of Windows .url shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via an HTML document that is directly accessible through a filesystem, as demonstrated by documents in (1) local folders, (2) Windows share folders, and (3) RAR archives, and as demonstrated by IFRAMEs referencing shortcuts that point to (a) about:cache?device=memory and (b) about:cache?device=disk, a variant of CVE-2008-2810.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Mozilla Firefox Internet快捷方式破坏同源策略漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Firefox是非常流行的开源WEB浏览器。 Firefox在通过HTML单元启动URL快捷方式的时候没有正确地实施同源策略,如果在本地路径或Windows共享(UNC/SMB)路径中打开了网页的话,就可能读取任何位置的内容,包括缓存信息、Cookie、本地文件系统等。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2008-4582

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2008-4582

登录查看更多情报信息。

Same Patch Batch · n/a · 2008-10-15 · 42 CVEs total

CVE-2008-3474Microsoft IE信息泄露漏洞
CVE-2008-4574Ayco Okul Portali 'default.asp' SQL注入漏洞
CVE-2008-1446Microsoft Windows Internet打印服务整数溢出漏洞
CVE-2008-2250Microsoft Windows多个内核权限提升漏洞
CVE-2008-2251Microsoft Windows多个内核权限提升漏洞
CVE-2008-2252Microsoft Windows多个内核权限提升漏洞
CVE-2008-3464Microsoft Windows AFD驱动本地权限提升漏洞
CVE-2008-3466Microsoft Host Integration Server RPC远程命令执行漏洞
CVE-2008-3471Microsoft Excel BIFF文件格式解析栈溢出漏洞
CVE-2008-3472Microsoft IE权限许可和访问控制漏洞
CVE-2008-3473Microsoft IE多个跨域信息泄露和内存破坏漏洞
CVE-2008-4573MunzurSoft Wep Portal 'kategori.asp' SQL注入漏洞
CVE-2008-3475Microsoft IE componentFromPoint内存破坏漏洞
CVE-2008-3476Microsoft IE多个跨域信息泄露和内存破坏漏洞
CVE-2008-3477Microsoft Excel日历对象验证远程代码执行漏洞
CVE-2008-3479Microsoft Windows消息队列服务RPC查询堆溢出漏洞
CVE-2008-4019Microsoft Excel公式解析整数溢出漏洞
CVE-2008-4020Microsoft Office CDO协议跨站脚本漏洞
CVE-2008-4023Microsoft Windows活动目录LDAP请求缓冲区溢出漏洞
CVE-2008-4036Microsoft Windows VAD本地权限提升漏洞

Showing top 20 of 42 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2008-4582

No comments yet

Leave a comment