Mozilla Firefox "chrome:" Directory Traversal Security Issue
2015年7月21日
危険度: 中
CVE識別番号: CVE-2008-0418
情報公開日: 7 21, 2015
概要
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js.
トレンドマイクロの対策
Apply associated Trend Micro DPI Rules.
対応方法
Trend Micro Deep Security DPI Rule Number: 1001346
Trend Micro Deep Security DPI Rule Name: 1001346 - Mozilla Firefox "chrome:" Directory Traversal
影響を受けるソフトウェア
- mozilla firefox 2.0.0.11
- mozilla seamonkey 1.1.7
- mozilla thunderbird 2.0.0.11