No content since 2004
Feel free to donate
Chris @ MyITforum
Subscribe in a reader
Subscribe to Chris Mosby at myITforum.com by Email
Mozilla Firefox "chrome:" Directory Traversal Security Issue Secunia Advisory:SA28622 Release Date:2008-01-24 Critical:Less critical Impact:Security Bypass Where:From remote Solution Status:Unpatched Software:Mozilla Firefox 2.0.xDescription:Gerry Eisenhaur has discovered a security issue in Mozilla Firefox, which can be exploited by malicious people to bypass certain security restrictions.The security issue is caused due to an error within the handling of "chrome:" URIs. This can be exploited to include arbitrary scripts from local resources via directory traversal attacks.Successful exploitation requires that an extension which doesn't store it's contents inside a .jar file is installed.The security issue is confirmed in version 2.0.0.11 for Windows. Other versions may also be affected.Solution:Do not open untrusted web pages.Provided and/or discovered by:Gerry EisenhaurOriginal Advisory:http://www.hiredhacker.com/2008/01/19...ome-url-handling-directory-traversal/
Mozilla Firefox "chrome:" Directory Traversal Security Issue
Secunia Advisory:SA28622
Release Date:2008-01-24
Critical:Less critical
Impact:Security Bypass
Where:From remote
Solution Status:Unpatched
Software:Mozilla Firefox 2.0.x
Source: Mozilla Firefox "chrome:" Directory Traversal Security Issue - Advisories - Secunia
No Comments