A vulnerability exists in the way Mozilla products with certain extensions handle chrome: URIs that may allow directory traversal.
Mozilla extensions are small add-ons that can be integrated with Mozilla products to provide added functionality. Mozilla products contain a vulnerability in the way chrome: URIs are handled when certain browser extentions are installed. According to the Mozilla Foundation Security Advisory 2008-05:
A remote, unauthorized attacker may be able to execute code on a vulnerable system or view browser history information.
Apply an update
This vulnerability is addressed in Mozilla Foundation Security Advisory 2008-05. Mozilla credits Gerry Eisenhaur for reporting this issue.
This document was written by Chris Taschner.
|Date First Published:||2008-02-11|
|Date Last Updated:||2008-02-11 14:52 UTC|