Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-2rxc-55rq-5r4c

Опубликовано: 01 мая 2022
Источник: github
Github: Не прошло ревью

Описание

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js.

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js.

Ссылки

EPSS

Процентиль: 97%
0.38662
Средний

CVE ID

CVE-2008-0418

Дефекты

CWE-22

Связанные уязвимости

ubuntu логотип

CVE-2008-0418

ubuntu
больше 17 лет назад

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js.

redhat логотип

CVE-2008-0418

redhat
больше 17 лет назад

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js.

nvd логотип

CVE-2008-0418

nvd
больше 17 лет назад

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js.

debian логотип

CVE-2008-0418

debian
больше 17 лет назад

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, ...

oracle-oval логотип

ELSA-2008-0103

oracle-oval
больше 17 лет назад

ELSA-2008-0103: Critical: firefox security update (CRITICAL)

EPSS

Процентиль: 97%
0.38662
Средний

CVE ID

CVE-2008-0418

Дефекты

CWE-22