[Forgot Password]
Login  Register Subscribe

23631

 
 

115084

 
 

97147

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2008-0418

Date: (C)2008-02-08   (M)2017-11-18 


Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js.

CVSS Score: 4.3Access Vector: NETWORK
Exploit Score: 8.6Access Complexity: MEDIUM
Impact Score: 2.9Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: NONE
 Availability: NONE





Reference:
SECTRACK-1019329
http://www.securityfocus.com/archive/1/archive/1/487826/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/488002/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/488971/100/0/threaded
SUNALERT-238492
SUNALERT-239546
BID-27406
SECUNIA-28622
SECUNIA-28754
SECUNIA-28766
SECUNIA-28808
SECUNIA-28815
SECUNIA-28818
SECUNIA-28839
SECUNIA-28864
SECUNIA-28865
SECUNIA-28877
SECUNIA-28879
SECUNIA-28924
SECUNIA-28939
SECUNIA-28958
SECUNIA-29049
SECUNIA-29086
SECUNIA-29098
SECUNIA-29164
SECUNIA-29167
SECUNIA-29211
SECUNIA-29567
SECUNIA-30327
SECUNIA-30620
SECUNIA-31043
ADV-2008-0263
ADV-2008-0453
ADV-2008-0454
ADV-2008-0627
ADV-2008-1793
ADV-2008-2091
DSA-1484
DSA-1485
DSA-1489
DSA-1506
FEDORA-2008-1435
FEDORA-2008-1459
FEDORA-2008-1535
FEDORA-2008-2060
FEDORA-2008-2118
GLSA-200805-18
MDVSA-2008:048
MDVSA-2008:062
RHSA-2008:0103
RHSA-2008:0104
RHSA-2008:0105
SSA:2008-061-01
SUSE-SA:2008:008
USN-576-1
USN-582-1
USN-582-2
VU#309608
http://browser.netscape.com/releasenotes/
http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html
http://wiki.rpath.com/Advisories:rPSA-2008-0051
http://wiki.rpath.com/Advisories:rPSA-2008-0093
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093
http://www.hiredhacker.com/2008/01/19/firefox-chrome-url-handling-directory-traversal/
http://www.mozilla.org/security/announce/2008/mfsa2008-05.html
https://issues.rpath.com/browse/RPL-1995

CPE    3
cpe:/a:mozilla:firefox:2.0.0.11
cpe:/a:mozilla:thunderbird:2.0.0.11
cpe:/a:mozilla:seamonkey:1.1.7
CWE    1
CWE-22
OVAL    6
oval:org.secpod.oval:def:301272
oval:org.secpod.oval:def:301328
oval:org.mitre.oval:def:7909
oval:org.mitre.oval:def:8000
...

© 2013 SecPod Technologies