CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
AI Score
Confidence: Low
EPSS
Percentile: 86.3%
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using “flat” add-ons, allows remote attackers to read arbitrary JavaScript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js.
browser.netscape.com/releasenotes/
lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html
secunia.com/advisories/28622/
secunia.com/advisories/28754
secunia.com/advisories/28766
secunia.com/advisories/28808
secunia.com/advisories/28815
secunia.com/advisories/28818
secunia.com/advisories/28839
secunia.com/advisories/28864
secunia.com/advisories/28865
secunia.com/advisories/28877
secunia.com/advisories/28879
secunia.com/advisories/28924
secunia.com/advisories/28939
secunia.com/advisories/28958
secunia.com/advisories/29049
secunia.com/advisories/29086
secunia.com/advisories/29098
secunia.com/advisories/29164
secunia.com/advisories/29167
secunia.com/advisories/29211
secunia.com/advisories/29567
secunia.com/advisories/30327
secunia.com/advisories/30620
secunia.com/advisories/31043
slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.445399
sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1
sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1
support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html
wiki.rpath.com/Advisories:rPSA-2008-0051
wiki.rpath.com/Advisories:rPSA-2008-0093
wiki.rpath.com/wiki/Advisories:rPSA-2008-0093
www.debian.org/security/2008/dsa-1484
www.debian.org/security/2008/dsa-1485
www.debian.org/security/2008/dsa-1489
www.debian.org/security/2008/dsa-1506
www.gentoo.org/security/en/glsa/glsa-200805-18.xml
www.hiredhacker.com/2008/01/19/firefox-chrome-url-handling-directory-traversal/
www.kb.cert.org/vuls/id/309608
www.mandriva.com/security/advisories?name=MDVSA-2008:048
www.mandriva.com/security/advisories?name=MDVSA-2008:062
www.mozilla.org/security/announce/2008/mfsa2008-05.html
www.redhat.com/support/errata/RHSA-2008-0103.html
www.redhat.com/support/errata/RHSA-2008-0104.html
www.redhat.com/support/errata/RHSA-2008-0105.html
www.securityfocus.com/archive/1/487826/100/0/threaded
www.securityfocus.com/archive/1/488002/100/0/threaded
www.securityfocus.com/archive/1/488971/100/0/threaded
www.securityfocus.com/bid/27406
www.securitytracker.com/id?1019329
www.ubuntu.com/usn/usn-576-1
www.ubuntu.com/usn/usn-582-1
www.ubuntu.com/usn/usn-582-2
www.vupen.com/english/advisories/2008/0263
www.vupen.com/english/advisories/2008/0453/references
www.vupen.com/english/advisories/2008/0454/references
www.vupen.com/english/advisories/2008/0627/references
www.vupen.com/english/advisories/2008/1793/references
www.vupen.com/english/advisories/2008/2091/references
issues.rpath.com/browse/RPL-1995
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10705
www.redhat.com/archives/fedora-package-announce/2008-February/msg00274.html
www.redhat.com/archives/fedora-package-announce/2008-February/msg00309.html
www.redhat.com/archives/fedora-package-announce/2008-February/msg00381.html
www.redhat.com/archives/fedora-package-announce/2008-February/msg00905.html
www.redhat.com/archives/fedora-package-announce/2008-February/msg00946.html