The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to an incorrect path name limitation involving symbols "/.. /", which allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to an incorrect limitation on the path name containing the symbol “/.. /”. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to protected information...

d_path() truncating excessive long path name vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Name: Linux kernel Version: up to 2.2.20 and 2.4.18 Homepage: http://www.kernel.org/ Author: Wojciech Purczynski [email protected] Date: March 26, 2002 Issue: ====== In case of excessively long path names dpath kernel internal function returns truncated...