New Search

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12 Thunderbird before 2.0.0.12 and SeaMonkey before 1.1.8 when using "flat" addons allows remote attackers to read arbitrary Javascript image and stylesheet files via the chrome: URI scheme as demonstrated by stealing session information from sessionstore.js.

oval:org.mitre.oval:def:10705

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12 Thunderbird before 2.0.0.12 and SeaMonkey before 1.1.8 when using "flat" addons allows remote attackers to read arbitrary Javascript image and stylesheet files via the chrome: URI scheme as demonstrated by stealing session information from sessionstore.js.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Red Hat Enterprise Linux 4
  • Red Hat Enterprise Linux 3
  • CentOS Linux 4
  • Oracle Linux 5
  • CentOS Linux 3
  • CentOS Linux 5
  • Red Hat Enterprise Linux 5
  • Oracle Linux 4
Class:
vulnerability
Reference(s):
  • CVE-2008-0418
Product(s):