Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2008-0418
Last Modified 09 Sep 2013 01:30:43
Published 08 Feb 2008 05:00:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-0418

Summary

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary JavaScript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js.

Vulnerable Systems

Application

  • Mozilla Firefox 2.0.0.11

  • Mozilla SeaMonkey 1.1.7

  • Mozilla Thunderbird 2.0.0.11


References

CERT-VN - VU#309608

VUPEN - ADV-2008-2091

VUPEN - ADV-2008-1793

VUPEN - ADV-2008-0627

VUPEN - ADV-2008-0454

VUPEN - ADV-2008-0453

VUPEN - ADV-2008-0263

CONFIRM - http://www.mozilla.org/security/announce/2008/mfsa2008-05.html

MISC - http://www.hiredhacker.com/2008/01/19/firefox-chrome-url-handling-directory-traversal/

GENTOO - GLSA-200805-18

SUNALERT - 239546

SUNALERT - 238492

SECUNIA - 31043

SECUNIA - 30620

FEDORA - FEDORA-2008-2118

FEDORA - FEDORA-2008-2060

FEDORA - FEDORA-2008-1535

FEDORA - FEDORA-2008-1459

FEDORA - FEDORA-2008-1435

CONFIRM - https://issues.rpath.com/browse/RPL-1995

UBUNTU - USN-582-2

UBUNTU - USN-582-1

UBUNTU - USN-576-1

SECTRACK - 1019329

BID - 27406

BUGTRAQ - 20080229 rPSA-2008-0093-1 thunderbird

BUGTRAQ - 20080212 FLEA-2008-0001-1 firefox

BUGTRAQ - 20080209 rPSA-2008-0051-1 firefox

REDHAT - RHSA-2008:0105

REDHAT - RHSA-2008:0104

REDHAT - RHSA-2008:0103

MANDRIVA - MDVSA-2008:062

MANDRIVA - MDVSA-2008:048

DEBIAN - DSA-1506

DEBIAN - DSA-1489

DEBIAN - DSA-1485

DEBIAN - DSA-1484

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093

CONFIRM - http://wiki.rpath.com/Advisories:rPSA-2008-0093

CONFIRM - http://wiki.rpath.com/Advisories:rPSA-2008-0051

CONFIRM - http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html

SLACKWARE - SSA:2008-061-01

SECUNIA - 30327

SECUNIA - 29567

SECUNIA - 29211

SECUNIA - 29167

SECUNIA - 29164

SECUNIA - 29098

SECUNIA - 29086

SECUNIA - 29049

SECUNIA - 28958

SECUNIA - 28939

SECUNIA - 28924

SECUNIA - 28879

SECUNIA - 28877

SECUNIA - 28865

SECUNIA - 28864

SECUNIA - 28839

SECUNIA - 28818

SECUNIA - 28815

SECUNIA - 28808

SECUNIA - 28766

SECUNIA - 28754

SECUNIA - 28622

SUSE - SUSE-SA:2008:008

CONFIRM - http://browser.netscape.com/releasenotes/


Last Updated: 27 May 2016 10:46:48