CVE-2008-2933

Publication date 17 July 2008

Last updated 24 July 2024

Ubuntu priority

Medium

Why this priority?

Description

Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' (pipe) characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely handled by a vector application, as exploited in conjunction with CVE-2008-2540. NOTE: this issue exists because of an insufficient fix for CVE-2005-2267.

Status

Package Ubuntu Release Status
firefox 8.10 intrepid Not in release
8.04 LTS hardy
Not affected
7.10 gutsy
Not affected
7.04 feisty
Not affected
6.06 LTS dapper
Not affected
firefox-3.0 8.10 intrepid
Not affected
8.04 LTS hardy
Not affected
7.10 gutsy Ignored end of life, was needed
7.04 feisty Not in release
6.06 LTS dapper Not in release
iceape 8.10 intrepid Not in release
8.04 LTS hardy Not in release
7.10 gutsy
Not affected
7.04 feisty Not in release
6.06 LTS dapper Not in release
icedove 8.10 intrepid Not in release
8.04 LTS hardy Not in release
7.10 gutsy Not in release
7.04 feisty Not in release
6.06 LTS dapper Not in release
iceweasel 8.10 intrepid Not in release
8.04 LTS hardy Not in release
7.10 gutsy Not in release
7.04 feisty Not in release
6.06 LTS dapper Not in release
mozilla-thunderbird 8.10 intrepid Not in release
8.04 LTS hardy Not in release
7.10 gutsy Not in release
7.04 feisty
Not affected
6.06 LTS dapper
Not affected
seamonkey 8.10 intrepid
Not affected
8.04 LTS hardy
Not affected
7.10 gutsy Not in release
7.04 feisty Not in release
6.06 LTS dapper Not in release
thunderbird 8.10 intrepid
Not affected
8.04 LTS hardy
Not affected
7.10 gutsy
Not affected
7.04 feisty Not in release
6.06 LTS dapper Not in release
xulrunner 8.10 intrepid
Not affected
8.04 LTS hardy
Not affected
7.10 gutsy
Not affected
7.04 feisty
Not affected
6.06 LTS dapper Not in release
xulrunner-1.9 8.10 intrepid
Not affected
8.04 LTS hardy
Not affected
7.10 gutsy
Not affected
7.04 feisty Not in release
6.06 LTS dapper Not in release

References

Related Ubuntu Security Notices (USN)

    • USN-623-1
    • Firefox vulnerabilities
    • 17 July 2008
    • USN-626-1
    • Firefox and xulrunner vulnerabilities
    • 28 July 2008

Other references