CVE-2008-0418 Information
Description
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary JavaScript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js.
Reference
http://browser.netscape.com/releasenotes/
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html
http://secunia.com/advisories/28622/
http://secunia.com/advisories/28754
http://secunia.com/advisories/28766
http://secunia.com/advisories/28808
http://secunia.com/advisories/28815
http://secunia.com/advisories/28818
http://secunia.com/advisories/28839
http://secunia.com/advisories/28864
http://secunia.com/advisories/28865
http://secunia.com/advisories/28877
http://secunia.com/advisories/28879
http://secunia.com/advisories/28924
http://secunia.com/advisories/28939
http://secunia.com/advisories/28958
http://secunia.com/advisories/29049
http://secunia.com/advisories/29086
http://secunia.com/advisories/29098
http://secunia.com/advisories/29164
http://secunia.com/advisories/29167
http://secunia.com/advisories/29211
http://secunia.com/advisories/29567
http://secunia.com/advisories/30327
http://secunia.com/advisories/30620
http://secunia.com/advisories/31043
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.445399
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1
http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html
http://wiki.rpath.com/Advisories:rPSA-2008-0051
http://wiki.rpath.com/Advisories:rPSA-2008-0093
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093
http://www.debian.org/security/2008/dsa-1484
http://www.debian.org/security/2008/dsa-1485
http://www.debian.org/security/2008/dsa-1489
http://www.debian.org/security/2008/dsa-1506
http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml
http://www.hiredhacker.com/2008/01/19/firefox-chrome-url-handling-directory-traversal/
http://www.kb.cert.org/vuls/id/309608
http://www.mandriva.com/security/advisories?name=MDVSA-2008:048
http://www.mandriva.com/security/advisories?name=MDVSA-2008:062
http://www.mozilla.org/security/announce/2008/mfsa2008-05.html
http://www.redhat.com/support/errata/RHSA-2008-0103.html
http://www.redhat.com/support/errata/RHSA-2008-0104.html
http://www.redhat.com/support/errata/RHSA-2008-0105.html
http://www.securityfocus.com/archive/1/487826/100/0/threaded
http://www.securityfocus.com/archive/1/488002/100/0/threaded
http://www.securityfocus.com/archive/1/488971/100/0/threaded
http://www.securityfocus.com/bid/27406
http://www.securitytracker.com/id?1019329
http://www.ubuntu.com/usn/usn-576-1
http://www.ubuntu.com/usn/usn-582-1
http://www.ubuntu.com/usn/usn-582-2
http://www.vupen.com/english/advisories/2008/0263
http://www.vupen.com/english/advisories/2008/0453/references
http://www.vupen.com/english/advisories/2008/0454/references
http://www.vupen.com/english/advisories/2008/0627/references
http://www.vupen.com/english/advisories/2008/1793/references
http://www.vupen.com/english/advisories/2008/2091/references
https://issues.rpath.com/browse/RPL-1995
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10705
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00274.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00309.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00381.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00905.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00946.html