Home > Vulnerability Database > CVE-2008-0418

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2008-0418

Date: February 8, 2008

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js.

Severity Score

3.7

Related Resources (71)

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.445399

Url: http://secunia.com/advisories/28622/

Url: http://www.securityfocus.com/bid/27406

Url: http://www.vupen.com/english/advisories/2008/0453/references

Url: https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00274.html

Url: http://browser.netscape.com/releasenotes/

Url: http://www.redhat.com/support/errata/RHSA-2008-0105.html

Url: https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00309.html

Url: http://secunia.com/advisories/28808

Url: http://secunia.com/advisories/28924

Url: http://www.securityfocus.com/archive/1/488002/100/0/threaded

Url: http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html

Url: http://secunia.com/advisories/28766

Url: https://nvd.nist.gov/vuln/detail/CVE-2008-0418

Url: http://www.vupen.com/english/advisories/2008/0263

Url: http://www.debian.org/security/2008/dsa-1506

Url: http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html

Url: http://www.securityfocus.com/archive/1/488971/100/0/threaded

Url: http://www.vupen.com/english/advisories/2008/2091/references

Url: http://www.securitytracker.com/id?1019329

Url: http://secunia.com/advisories/30327

Url: http://www.redhat.com/support/errata/RHSA-2008-0104.html

Url: http://secunia.com/advisories/28939

Url: http://secunia.com/advisories/28818

Url: https://access.redhat.com/security/cve/CVE-2008-0418

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2008:062

Url: http://secunia.com/advisories/28815

Url: http://secunia.com/advisories/29164

Url: http://secunia.com/advisories/31043

Url: http://secunia.com/advisories/29167

Url: http://www.vupen.com/english/advisories/2008/0627/references

Url: http://www.mozilla.org/security/announce/2008/mfsa2008-05.html

Url: http://www.hiredhacker.com/2008/01/19/firefox-chrome-url-handling-directory-traversal/

Url: http://secunia.com/advisories/29086

Url: http://www.debian.org/security/2008/dsa-1484

Url: http://www.ubuntu.com/usn/usn-582-2

Url: http://www.debian.org/security/2008/dsa-1489

Url: http://www.ubuntu.com/usn/usn-582-1

Url: http://www.debian.org/security/2008/dsa-1485

Url: http://secunia.com/advisories/28864

Url: http://secunia.com/advisories/28865

Url: http://www.securityfocus.com/archive/1/487826/100/0/threaded

Url: http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093

Url: http://wiki.rpath.com/Advisories:rPSA-2008-0051

Url: http://secunia.com/advisories/29098

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1

Url: http://secunia.com/advisories/29211

Url: https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00905.html

Url: http://www.vupen.com/english/advisories/2008/1793/references

Url: http://wiki.rpath.com/Advisories:rPSA-2008-0093

Url: http://www.ubuntu.com/usn/usn-576-1

Url: http://www.kb.cert.org/vuls/id/309608

Url: https://issues.rpath.com/browse/RPL-1995

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2008:048

Url: http://secunia.com/advisories/30620

Url: http://secunia.com/advisories/28839

Url: http://www.vupen.com/english/advisories/2008/0454/references

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10705

Url: http://secunia.com/advisories/28879

Url: http://secunia.com/advisories/28958

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2008-0418

Url: https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00946.html

Url: http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml

Url: http://secunia.com/advisories/28754

Url: http://www.redhat.com/support/errata/RHSA-2008-0103.html

Url: http://secunia.com/advisories/28877

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1

Url: http://secunia.com/advisories/29049

Url: http://secunia.com/advisories/29567

Url: https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00381.html

Url: https://www.mend.io/vulnerability-database/CVE-2008-0418

Severity Score

3.7

Weakness Type (CWE)

Path Traversal

CWE-22

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Do you need more information?

Contact Us