Launchpad.net

CVE 2008-0418

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js.

Related bugs and status

CVE-2008-0418 (Candidate) is related to these bugs:

Bug #195693: [iceape] several vulnerabilities

Summary				In	Importance	Status
	195693	[iceape] several vulnerabilities		iceape (Ubuntu)	Medium	Invalid

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.hiredhacker...
CONFIRM: http://www.mozilla.org...
BUGTRAQ: 20080209 rPSA-2008-005...
BUGTRAQ: 20080212 FLEA-2008-000...
CONFIRM: http://wiki.rpath.com/...
DEBIAN: DSA-1484
DEBIAN: DSA-1485
DEBIAN: DSA-1489
REDHAT: RHSA-2008:0103
REDHAT: RHSA-2008:0104
REDHAT: RHSA-2008:0105
UBUNTU: USN-576-1
CERT-VN: VU#309608
BID: 27406
SECTRACK: 1019329
SECUNIA: 28818
SECUNIA: 28754
SECUNIA: 28766
SECUNIA: 28808
SECUNIA: 28815
SECUNIA: 28839
SECUNIA: 28864
SECUNIA: 28865
SECUNIA: 28877
SECUNIA: 28879
FEDORA: FEDORA-2008-1435
FEDORA: FEDORA-2008-1459
FEDORA: FEDORA-2008-1535
SECUNIA: 28924
SECUNIA: 28939
CONFIRM: http://browser.netscap...
DEBIAN: DSA-1506
MANDRIVA: MDVSA-2008:048
SUSE: SUSE-SA:2008:008
SECUNIA: 28958
SECUNIA: 29049
SECUNIA: 29086
BUGTRAQ: 20080229 rPSA-2008-009...
CONFIRM: http://wiki.rpath.com/...
FEDORA: FEDORA-2008-2060
FEDORA: FEDORA-2008-2118
UBUNTU: USN-582-1
SECUNIA: 28622
SECUNIA: 29167
CONFIRM: http://wiki.rpath.com/...
CONFIRM: https://issues.rpath.c...
MANDRIVA: MDVSA-2008:062
SLACKWARE: SSA:2008-061-01
UBUNTU: USN-582-2
SECUNIA: 29098
SECUNIA: 29164
SECUNIA: 29211
CONFIRM: http://support.novell....
SECUNIA: 29567
SECUNIA: 30327
SUNALERT: 239546
SECUNIA: 31043
GENTOO: GLSA-200805-18
SUNALERT: 238492
SECUNIA: 30620
VUPEN: ADV-2008-0453
VUPEN: ADV-2008-0454
VUPEN: ADV-2008-0627
VUPEN: ADV-2008-2091
VUPEN: ADV-2008-0263
VUPEN: ADV-2008-1793
OVAL: oval:org.mitre.oval:de...