[VU:309608] Mozilla products may allow directory traversal
Severity
Medium
CVEs
1
Overview
A vulnerability exists in the way Mozilla products with certain extensions handle chrome: URIs that may allow directory traversal.
Impact
A remote, unauthorized attacker may be able to execute code on a vulnerable system or view browser history information.
Solution
Apply an update
According to the Mozilla Foundation Security Advisory 2008-05 this vulnerability is addressed in Firefox 2.0.0.12, Thunderbird 2.0.0.12 (unavailable as of 11-Feb-2008) and SeaMonkey 1.1.8.
Acknowledgements
This vulnerability is addressed in Mozilla Foundation Security Advisory
2008-05
. Mozilla credits Gerry Eisenhaur for reporting this issue.
- ID
- VU:309608
- Severity
- medium
- Severity from
- CVE-2008-0418
- URL
- https://kb.cert.org/vuls/id/309608
- Published
-
2008-02-11T14:52:06
(16 years ago) - Modified
-
2008-02-11T14:52:23
(16 years ago) - Rights
- Copyright 2008, CERT Coordination Center (CERT/CC)
- Other Advisories
ELSA-2008-0103
FEDORA-2008-1435
FREEBSD:810A5197-E0D9-11DC-891A-02061B08FC24
GLSA-200805-18
SSA:2008-061-01
USN-576-1| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |