Vulnerability Note VU#309608
Mozilla products may allow directory traversal
A vulnerability exists in the way Mozilla products with certain extensions handle chrome: URIs that may allow directory traversal.
Mozilla extensions are small add-ons that can be integrated with Mozilla products to provide added functionality. Mozilla products contain a vulnerability in the way chrome: URIs are handled when certain browser extentions are installed. According to the Mozilla Foundation Security Advisory 2008-05:
Mozilla also reports that this vulnerability can be exploited in Mozilla web browsers to obtain cookie data and information about currently opened webpages from the sessionstore.js file.
Mozilla has released a partial list of "flat" packaged extentions.
A remote, unauthorized attacker may be able to execute code on a vulnerable system or view browser history information.
Apply an update
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Mozilla||Affected||-||11 Feb 2008|
CVSS Metrics (Learn More)
This vulnerability is addressed in Mozilla Foundation Security Advisory 2008-05. Mozilla credits Gerry Eisenhaur for reporting this issue.
This document was written by Chris Taschner.
- CVE IDs: CVE-2008-0418
- Date Public: 07 Feb 2008
- Date First Published: 11 Feb 2008
- Date Last Updated: 11 Feb 2008
- Severity Metric: 4.72
- Document Revision: 7
If you have feedback, comments, or additional information about this vulnerability, please send us email.