Rapid7 Vulnerability & Exploit Database

MFSA2008-05 Firefox: Directory traversal via chrome: URI (CVE-2008-0418)

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

MFSA2008-05 Firefox: Directory traversal via chrome: URI (CVE-2008-0418)

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:N/A:N)

Published

02/08/2008

Created

07/25/2018

Added

06/14/2012

Modified

02/13/2015

Description

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js.

Solution(s)

mozilla-firefox-upgrade-2_0_0_12

References

https://attackerkb.com/topics/cve-2008-0418
27406
309608
CVE - 2008-0418
DSA-1484
DSA-1485
DSA-1489
DSA-1506
OVAL10705
RHSA-2008:0103
RHSA-2008:0104
RHSA-2008:0105
SUSE-SA:2008:008
http://www.mozilla.org/security/announce/2008/mfsa2008-05.html

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

MFSA2008-05 Firefox: Directory traversal via chrome: URI (CVE-2008-0418)

MFSA2008-05 Firefox: Directory traversal via chrome: URI (CVE-2008-0418)

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.