1. Home
  2. Vulnerabilities
  3. CVE-2008-0418

CVE-2008-0418

CVSS v2.0 4.3 (Medium)
43% Progress
EPSS 1.34 % (86th)
1.34% Progress
Affected Products 3
Advisories 13
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js.

Weaknesses
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2008-02-08 22:00:00
(16 years ago)
Updated Date
2018-10-15 22:00:11
(6 years ago)

Affected Products

Mozilla

Configuration #1

    CPE23 From Up To
  Mozilla Firefox 2.0.0.11 and prior versions cpe:2.3:a:mozilla:firefox <= 2.0.0.11
  Mozilla Seamonkey 1.1.7 and prior versions cpe:2.3:a:mozilla:seamonkey <= 1.1.7
  Mozilla Thunderbird 2.0.0.11 and prior versions cpe:2.3:a:mozilla:thunderbird <= 2.0.0.11