[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2008-0418Date: (C)2008-02-08   (M)2023-12-22


Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
SECTRACK-1019329
http://www.securityfocus.com/archive/1/487826/100/0/threaded
http://www.securityfocus.com/archive/1/488002/100/0/threaded
http://www.securityfocus.com/archive/1/488971/100/0/threaded
SUNALERT-238492
SUNALERT-239546
BID-27406
SECUNIA-28622
SECUNIA-28754
SECUNIA-28766
SECUNIA-28808
SECUNIA-28815
SECUNIA-28818
SECUNIA-28839
SECUNIA-28864
SECUNIA-28865
SECUNIA-28877
SECUNIA-28879
SECUNIA-28924
SECUNIA-28939
SECUNIA-28958
SECUNIA-29049
SECUNIA-29086
SECUNIA-29098
SECUNIA-29164
SECUNIA-29167
SECUNIA-29211
SECUNIA-29567
SECUNIA-30327
SECUNIA-30620
SECUNIA-31043
ADV-2008-0263
ADV-2008-0453
ADV-2008-0454
ADV-2008-0627
ADV-2008-1793
ADV-2008-2091
DSA-1484
DSA-1485
DSA-1489
DSA-1506
FEDORA-2008-1435
FEDORA-2008-1459
FEDORA-2008-1535
FEDORA-2008-2060
FEDORA-2008-2118
GLSA-200805-18
MDVSA-2008:048
MDVSA-2008:062
RHSA-2008:0103
RHSA-2008:0104
RHSA-2008:0105
SSA:2008-061-01
SUSE-SA:2008:008
USN-576-1
USN-582-1
USN-582-2
VU#309608
http://browser.netscape.com/releasenotes/
http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html
http://wiki.rpath.com/Advisories:rPSA-2008-0051
http://wiki.rpath.com/Advisories:rPSA-2008-0093
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093
http://www.hiredhacker.com/2008/01/19/firefox-chrome-url-handling-directory-traversal/
http://www.mozilla.org/security/announce/2008/mfsa2008-05.html
https://issues.rpath.com/browse/RPL-1995
oval:org.mitre.oval:def:10705

CPE    3
cpe:/a:mozilla:thunderbird
cpe:/a:mozilla:seamonkey
cpe:/a:mozilla:firefox
CWE    1
CWE-22
OVAL    6
oval:org.mitre.oval:def:7909
oval:org.mitre.oval:def:8000
oval:org.secpod.oval:def:301272
oval:org.mitre.oval:def:7914
...

© SecPod Technologies