Mozilla Foundation Security Advisory 2008-30

2008-07-03T00:00:00
ID SECURITYVULNS:DOC:20116
Type securityvulns
Reporter Securityvulns
Modified 2008-07-03T00:00:00

Description

Mozilla Foundation Security Advisory 2008-30

Title: File location URL in directory listings not escaped properly Impact: Low Announced: July 1, 2008 Reporter: Masahiro Yamada Products: Firefox, SeaMonkey

Fixed in: Firefox 2.0.0.15 SeaMonkey 1.1.10 Description

Mozilla contributor Masahiro Yamada reported that file URLs in directory listings were not being HTML escaped properly when the filenames contained particular characters. This resulted in files from directory listings being opened in unintended ways or files not being able to be opened by the browser altogether. References

* https://bugzilla.mozilla.org/show_bug.cgi?id=411433
* CVE-2008-2808