Unrated severityNVD Advisory· Published Oct 15, 2008· Updated Jun 16, 2026
CVE-2008-4582
CVE-2008-4582
Description
Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13, when running on Windows, do not properly identify the context of Windows .url shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via an HTML document that is directly accessible through a filesystem, as demonstrated by documents in (1) local folders, (2) Windows share folders, and (3) RAR archives, and as demonstrated by IFRAMEs referencing shortcuts that point to (a) about:cache?device=memory and (b) about:cache?device=disk, a variant of CVE-2008-2810.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
47cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*+ 13 more
- cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*
- (no CPE)range: 3.0.1 - 3.0.3, 2.x < 2.0.0.18
cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*+ 27 more
- cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*
- (no CPE)range: 1.x < 1.1.13
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
32- secunia.com/advisories/32192nvdPermissions RequiredThird Party Advisory
- secunia.com/advisories/32684nvdPermissions RequiredThird Party Advisory
- secunia.com/advisories/32693nvdPermissions RequiredThird Party Advisory
- secunia.com/advisories/32714nvdPermissions RequiredThird Party Advisory
- secunia.com/advisories/32721nvdPermissions RequiredThird Party Advisory
- secunia.com/advisories/32778nvdPermissions RequiredThird Party Advisory
- secunia.com/advisories/32845nvdPermissions RequiredThird Party Advisory
- secunia.com/advisories/32853nvdPermissions RequiredThird Party Advisory
- secunia.com/advisories/33433nvdPermissions RequiredThird Party Advisory
- secunia.com/advisories/33434nvdPermissions RequiredThird Party Advisory
- secunia.com/advisories/34501nvdPermissions RequiredThird Party Advisory
- securityreason.com/securityalert/4416nvdThird Party Advisory
- securitytracker.com/alerts/2008/Nov/1021212.htmlnvdThird Party AdvisoryVDB Entry
- ubuntu.com/usn/usn-667-1nvdThird Party Advisory
- www.debian.org/security/2008/dsa-1669nvdThird Party Advisory
- www.debian.org/security/2008/dsa-1671nvdThird Party Advisory
- www.debian.org/security/2009/dsa-1696nvdThird Party Advisory
- www.debian.org/security/2009/dsa-1697nvdThird Party Advisory
- www.mozilla.org/security/announce/2008/mfsa2008-47.htmlnvdVendor Advisory
- www.securityfocus.com/bid/31611nvdThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/31747nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/idnvdThird Party AdvisoryVDB Entry
- www.us-cert.gov/cas/techalerts/TA08-319A.htmlnvdThird Party AdvisoryUS Government Resource
- liudieyu0.blog124.fc2.com/blog-entry-6.htmlnvdBroken Link
- sunsolve.sun.com/search/document.donvdBroken Link
- www.vupen.com/english/advisories/2008/2818nvdNot Applicable
- www.vupen.com/english/advisories/2009/0977nvdNot Applicable
- bugzilla.mozilla.org/show_bug.cginvdIssue Tracking
- www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.htmlnvdNot Applicable
- www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.htmlnvdNot Applicable
- www.securityfocus.com/archive/1/497091/100/0/threadednvd
- exchange.xforce.ibmcloud.com/vulnerabilities/45740nvd
News mentions
0No linked articles in our index yet.