Back to search
CVE-2008-2933
Published: Jul 17, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' (pipe) characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely handled by a vector application, as exploited in conjunction with CVE-2008-2540. NOTE: this issue exists because of an insufficient fix for CVE-2005-2267.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
DSA-1697
vendor-advisory
x_refsource_DEBIAN
RHSA-2008:0597
vendor-advisory
x_refsource_REDHAT
31270
third-party-advisory
x_refsource_SECUNIA
31121
third-party-advisory
x_refsource_SECUNIA
ADV-2009-0977
vdb-entry
x_refsource_VUPEN
31145
third-party-advisory
x_refsource_SECUNIA
1020500
vdb-entry
x_refsource_SECTRACK
31377
third-party-advisory
x_refsource_SECUNIA
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0238
x_refsource_CONFIRM
GLSA-200808-03
vendor-advisory
x_refsource_GENTOO
20080729 rPSA-2008-0238-1 firefox
mailing-list
x_refsource_BUGTRAQ
USN-626-2
vendor-advisory
x_refsource_UBUNTU
RHSA-2008:0598
vendor-advisory
x_refsource_REDHAT
31157
third-party-advisory
x_refsource_SECUNIA
33433
third-party-advisory
x_refsource_SECUNIA
DSA-1614
vendor-advisory
x_refsource_DEBIAN
31183
third-party-advisory
x_refsource_SECUNIA
31106
third-party-advisory
x_refsource_SECUNIA
VU#130923
third-party-advisory
x_refsource_CERT-VN
256408
vendor-advisory
x_refsource_SUNALERT
https://issues.rpath.com/browse/RPL-2683
x_refsource_CONFIRM
31261
third-party-advisory
x_refsource_SECUNIA
31120
third-party-advisory
x_refsource_SECUNIA
http://www.mozilla.org/security/announce/2008/mfsa2008-35.html
x_refsource_CONFIRM
USN-623-1
vendor-advisory
x_refsource_UBUNTU
oval:org.mitre.oval:def:11618
vdb-entry
signature
x_refsource_OVAL
SSA:2008-198-01
vendor-advisory
x_refsource_SLACKWARE
DSA-1615
vendor-advisory
x_refsource_DEBIAN
31176
third-party-advisory
x_refsource_SECUNIA
https://bugzilla.mozilla.org/show_bug.cgi?id=441120
x_refsource_CONFIRM
31129
third-party-advisory
x_refsource_SECUNIA
30242
vdb-entry
x_refsource_BID
USN-626-1
vendor-advisory
x_refsource_UBUNTU
MDVSA-2008:148
vendor-advisory
x_refsource_MANDRIVA
31306
third-party-advisory
x_refsource_SECUNIA
firefox-commandline-uri-security-bypass(43832)
vdb-entry
x_refsource_XF
34501
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now