Mozilla Firefox "chrome:" Directory Traversal Security Issue
Severity: MEDIUM
CVE Identifier: CVE-2008-0418
Advisory Date: JUL 21, 2015
DESCRIPTION
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js.
TREND MICRO PROTECTION INFORMATION
Apply associated Trend Micro DPI Rules.
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1001346
Trend Micro Deep Security DPI Rule Name: 1001346 - Mozilla Firefox "chrome:" Directory Traversal
AFFECTED SOFTWARE AND VERSION
- mozilla firefox 2.0.0.11
- mozilla seamonkey 1.1.7
- mozilla thunderbird 2.0.0.11