exploitDog

CVE-2009-0355

Опубликовано: 03 фев. 2009

Источник: redhat

CVSS2: 2.6

EPSS Низкий

Описание

components/sessionstore/src/nsSessionStore.js in Mozilla Firefox before 3.0.6 does not block changes of INPUT elements to type="file" during tab restoration, which allows user-assisted remote attackers to read arbitrary files on a client machine via a crafted INPUT element.

Ссылки на источники

Дополнительная информация

Статус:

Moderate

https://bugzilla.redhat.com/show_bug.cgi?id=483143Firefox local file stealing with SessionStore

EPSS

Процентиль: 82%

0.01804

Низкий

2.6 Low

CVSS2

Связанные уязвимости

CVE-2009-0355

ubuntu

больше 16 лет назад

components/sessionstore/src/nsSessionStore.js in Mozilla Firefox before 3.0.6 does not block changes of INPUT elements to type="file" during tab restoration, which allows user-assisted remote attackers to read arbitrary files on a client machine via a crafted INPUT element.

CVE-2009-0355

nvd

больше 16 лет назад

components/sessionstore/src/nsSessionStore.js in Mozilla Firefox before 3.0.6 does not block changes of INPUT elements to type="file" during tab restoration, which allows user-assisted remote attackers to read arbitrary files on a client machine via a crafted INPUT element.

CVE-2009-0355

debian

больше 16 лет назад

components/sessionstore/src/nsSessionStore.js in Mozilla Firefox befor ...

GHSA-h2q7-pj3w-pr6f

github

около 3 лет назад

components/sessionstore/src/nsSessionStore.js in Mozilla Firefox before 3.0.6 does not block changes of INPUT elements to type="file" during tab restoration, which allows user-assisted remote attackers to read arbitrary files on a client machine via a crafted INPUT element.

ELSA-2009-0256

oracle-oval

больше 16 лет назад

ELSA-2009-0256: firefox security update (CRITICAL)

EPSS

Процентиль: 82%

0.01804

Низкий

2.6 Low

CVSS2