New Search

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12 Thunderbird before 2.0.0.12 and SeaMonkey before 1.1.8 when using "flat" addons allows remote attackers to read arbitrary Javascript image and stylesheet files via the chrome: URI scheme as demonstrated by stealing session information from sessionstore.js.

oval:org.mitre.oval:def:10705

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12 Thunderbird before 2.0.0.12 and SeaMonkey before 1.1.8 when using "flat" addons allows remote attackers to read arbitrary Javascript image and stylesheet files via the chrome: URI scheme as demonstrated by stealing session information from sessionstore.js.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Oracle Linux 4
  • Red Hat Enterprise Linux 3
  • Oracle Linux 5
  • Red Hat Enterprise Linux 4
  • CentOS Linux 4
  • Red Hat Enterprise Linux 5
  • CentOS Linux 5
  • CentOS Linux 3
Class:
vulnerability
Reference(s):
  • CVE-2008-0418
Product(s):