Gravità: : Medio
  Identificatori CVE: CVE-2008-0418
  Data notifica: 21 luglio 2015

  Descrizione

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js.

  Informazioni esposizione:

Apply associated Trend Micro DPI Rules.

  Soluzioni

  Trend Micro Deep Security DPI Rule Number: 1001346
  Trend Micro Deep Security DPI Rule Name: 1001346 - Mozilla Firefox "chrome:" Directory Traversal

  Software e versione interessati:

  • mozilla firefox 2.0.0.11
  • mozilla seamonkey 1.1.7
  • mozilla thunderbird 2.0.0.11