[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250770

 
 

909

 
 

196157

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-3073Date: (C)2007-06-06   (M)2023-12-22


Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and earlier on Mac OS X and Unix allows remote attackers to read arbitrary files via ..%2F (dot dot encoded slash) sequences in a resource:// URI.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.8
Exploit Score: 10.0
Impact Score: 6.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: NONE
Availability: NONE
  
Reference:
http://www.securityfocus.com/archive/1/470500/100/0/threaded
SECUNIA-25481
OSVDB-35920
http://ha.ckers.org/blog/20070516/read-firefox-settings-poc/
http://larholm.com/2007/05/25/firefox-0day-local-file-reading/
http://larholm.com/2007/06/04/unpatched-input-validation-flaw-in-firefox-2004/
https://bugzilla.mozilla.org/show_bug.cgi?id=367428
https://bugzilla.mozilla.org/show_bug.cgi?id=380994

CPE    42
cpe:/o:apple:mac_os_x:10.4.9
cpe:/o:apple:mac_os_x
cpe:/o:apple:mac_os_x:10.3.9
cpe:/o:apple:mac_os_x:10.4.8
...

© SecPod Technologies