Mozilla Firefox "chrome:" Directory Traversal Security Issue
Data de publicação: 21 julho 2015
Schweregrad: : Medium
Identificador(es) CVE: : CVE-2008-0418
Data do informe: 21 julho 2015
Descrição
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js.
Exposição das informações
Apply associated Trend Micro DPI Rules.
Solução
Trend Micro Deep Security DPI Rule Number: 1001346
Trend Micro Deep Security DPI Rule Name: 1001346 - Mozilla Firefox "chrome:" Directory Traversal
Software infectado e versão:
- mozilla firefox 2.0.0.11
- mozilla seamonkey 1.1.7
- mozilla thunderbird 2.0.0.11