
CVE-2008-0418
Date: (C)2008-02-08   (M)2018-02-19


Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js.

CVSS V2 Severity:
CVSS Score: 4.3
Exploit Score: 8.6
Impact Score: 2.9

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE

CVSS V3 Severity:
CVSS Score:
Exploit Score:
Impact Score:

CVSS V3 Metrics:
Attack Vector:
Attack Complexity:
Privileges Required:
User Interaction:
Scope:
Confidentiality:
Integrity:
Availability:

Reference:
SECTRACK-1019329
http://www.securityfocus.com/archive/1/archive/1/487826/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/488002/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/488971/100/0/threaded
SUNALERT-238492
SUNALERT-239546
BID-27406
SECUNIA-28622
SECUNIA-28754
SECUNIA-28766
SECUNIA-28808
SECUNIA-28815
SECUNIA-28818
SECUNIA-28839
SECUNIA-28864
SECUNIA-28865
SECUNIA-28877
SECUNIA-28879
SECUNIA-28924
SECUNIA-28939
SECUNIA-28958
SECUNIA-29049
SECUNIA-29086
SECUNIA-29098
SECUNIA-29164
SECUNIA-29167
SECUNIA-29211
SECUNIA-29567
SECUNIA-30327
SECUNIA-30620
SECUNIA-31043
ADV-2008-0263
ADV-2008-0453
ADV-2008-0454
ADV-2008-0627
ADV-2008-1793
ADV-2008-2091
DSA-1484
DSA-1485
DSA-1489
DSA-1506
FEDORA-2008-1435
FEDORA-2008-1459
FEDORA-2008-1535
FEDORA-2008-2060
FEDORA-2008-2118
GLSA-200805-18
MDVSA-2008:048
MDVSA-2008:062
RHSA-2008:0103
RHSA-2008:0104
RHSA-2008:0105
SSA:2008-061-01
SUSE-SA:2008:008
USN-576-1
USN-582-1
USN-582-2
VU#309608
http://browser.netscape.com/releasenotes/
http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html
http://wiki.rpath.com/Advisories:rPSA-2008-0051
http://wiki.rpath.com/Advisories:rPSA-2008-0093
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093
http://www.hiredhacker.com/2008/01/19/firefox-chrome-url-handling-directory-traversal/
http://www.mozilla.org/security/announce/2008/mfsa2008-05.html
https://issues.rpath.com/browse/RPL-1995

CPE    3
cpe:/a:mozilla:seamonkey:1.1.7
cpe:/a:mozilla:firefox:2.0.0.11
cpe:/a:mozilla:thunderbird:2.0.0.11
CWE    1
CWE-22
OVAL    6
oval:org.secpod.oval:def:301272
oval:org.secpod.oval:def:301328
oval:org.mitre.oval:def:8162
oval:org.mitre.oval:def:7909
...

© 2013 SecPod Technologies