CVE-2008-0594 : Mozilla Firefox before 2.0.0.12 does not always display a web forgery warning di

Mozilla Firefox before 2.0.0.12 does not always display a web forgery warning dialog if the entire contents of a web page are in a DIV tag that uses absolute positioning, which makes it easier for remote attackers to conduct phishing attacks.

Published 2008-02-09 01:00:00

Updated 2018-10-15 22:01:49

Source Red Hat, Inc.

View at NVD, CVE.org

Products affected by CVE-2008-0594

Mozilla » Firefox
Versions up to, including, (<=) 2.0.0.11
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2008-0594

EPSS FAQ

8.95%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 95 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2008-0594

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

Vendor statements for CVE-2008-0594

Red Hat 2008-02-12

Not vulnerable. This does not affect the versions of Firefox or SeaMonkey shipped in Red Hat Enterprise Linux.

References for CVE-2008-0594

Jump to

Vulnerability Details : CVE-2008-0594

Products affected by CVE-2008-0594

Exploit prediction scoring system (EPSS) score for CVE-2008-0594

CVSS scores for CVE-2008-0594

Vendor statements for CVE-2008-0594

References for CVE-2008-0594