Lucene search

RedhatCVELIST:CVE-2008-0418

HistoryFeb 08, 2008 - 9:00 p.m.

CVE-2008-0418

2008-02-0821:00:00

redhat

www.cve.org

AI Score

6.5

Confidence

Low

EPSS

0.013

Percentile

86.3%

JSON

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using “flat” addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js.

References

browser.netscape.com/releasenotes/

lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html

secunia.com/advisories/28622/

secunia.com/advisories/28754

secunia.com/advisories/28766

secunia.com/advisories/28808

secunia.com/advisories/28815

secunia.com/advisories/28818

secunia.com/advisories/28839

secunia.com/advisories/28864

secunia.com/advisories/28865

secunia.com/advisories/28877

secunia.com/advisories/28879

secunia.com/advisories/28924

secunia.com/advisories/28939

secunia.com/advisories/28958

secunia.com/advisories/29049

secunia.com/advisories/29086

secunia.com/advisories/29098

secunia.com/advisories/29164

secunia.com/advisories/29167

secunia.com/advisories/29211

secunia.com/advisories/29567

secunia.com/advisories/30327

secunia.com/advisories/30620

secunia.com/advisories/31043

slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.445399

sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1

sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1

support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html

wiki.rpath.com/Advisories:rPSA-2008-0051

wiki.rpath.com/Advisories:rPSA-2008-0093

wiki.rpath.com/wiki/Advisories:rPSA-2008-0093

www.debian.org/security/2008/dsa-1484

www.debian.org/security/2008/dsa-1485

www.debian.org/security/2008/dsa-1489

www.debian.org/security/2008/dsa-1506

www.gentoo.org/security/en/glsa/glsa-200805-18.xml

www.hiredhacker.com/2008/01/19/firefox-chrome-url-handling-directory-traversal/

www.kb.cert.org/vuls/id/309608

www.mandriva.com/security/advisories?name=MDVSA-2008:048

www.mandriva.com/security/advisories?name=MDVSA-2008:062

www.mozilla.org/security/announce/2008/mfsa2008-05.html

www.redhat.com/support/errata/RHSA-2008-0103.html

www.redhat.com/support/errata/RHSA-2008-0104.html

www.redhat.com/support/errata/RHSA-2008-0105.html

www.securityfocus.com/archive/1/487826/100/0/threaded

www.securityfocus.com/archive/1/488002/100/0/threaded

www.securityfocus.com/archive/1/488971/100/0/threaded

www.securityfocus.com/bid/27406

www.securitytracker.com/id?1019329

www.ubuntu.com/usn/usn-576-1

www.ubuntu.com/usn/usn-582-1

www.ubuntu.com/usn/usn-582-2

www.vupen.com/english/advisories/2008/0263

www.vupen.com/english/advisories/2008/0453/references

www.vupen.com/english/advisories/2008/0454/references

www.vupen.com/english/advisories/2008/0627/references

www.vupen.com/english/advisories/2008/1793/references

www.vupen.com/english/advisories/2008/2091/references

issues.rpath.com/browse/RPL-1995

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10705

www.redhat.com/archives/fedora-package-announce/2008-February/msg00274.html

www.redhat.com/archives/fedora-package-announce/2008-February/msg00309.html

www.redhat.com/archives/fedora-package-announce/2008-February/msg00381.html

www.redhat.com/archives/fedora-package-announce/2008-February/msg00905.html

www.redhat.com/archives/fedora-package-announce/2008-February/msg00946.html