Mozilla Firefox "chrome:" Directory Traversal Security Issue
Publish date: 21 de julio de 2015
Gravedad: Medio
Identificadores de CVE : CVE-2008-0418
Fecha recomendada: 21 de julio de 2015
Descripción
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js.
Revelación de la información
Apply associated Trend Micro DPI Rules.
Soluciones
Trend Micro Deep Security DPI Rule Number: 1001346
Trend Micro Deep Security DPI Rule Name: 1001346 - Mozilla Firefox "chrome:" Directory Traversal
Software y versión afectados
- mozilla firefox 2.0.0.11
- mozilla seamonkey 1.1.7
- mozilla thunderbird 2.0.0.11