CVE-2007-1116 Information

Description

The CheckLoadURI function in Mozilla Firefox 1.8 lists the about: URI as a ChromeProtocol and can be loaded via JavaScript which allows remote attackers to obtain sensitive information by querying the browser’s session history.

Reference

http://osvdb.org/33804 http://securityreason.com/securityalert/2309 http://www.gnucitizen.org/projects/hscan-redux/ http://www.securityfocus.com/archive/1/461006/100/0/threaded http://www.securityfocus.com/archive/1/461013/100/0/threaded https://bugzilla.mozilla.org/show_bug.cgi?id=371375