Mozilla Firefox chrome:// URI JavaScript File Request Information Disclosure Vulnerability

Mozilla Firefox chrome:// URI JavaScript File Request Information Disclosure Vulnerability

References:

Partial list of flat packaged add-ons (Mozilla Foundation)
Bug 413250 â?? chrome directory traversal (local disk access via flat addons) (Mozilla Foundation)
Bug 413451 â?? allows to steal data from sessionstore.js (Mozilla Foundation)
chrome protocol directory traversal (Mozilla)
Status update for Chrome Protocol Directory Traversal issue (Mozilla Security Blog)
Vendor Homepage (Mozilla Foundation)
ASA-2008-059: firefox security update (RHSA-2008-0103) (Avaya)
Firefox chrome: URL Handling Directory Traversal (hiredhacker.com)
MFSA 2008-05: Directory traversal via chrome: URI (Mozilla Foundation)
RHSA-2008:0103-7 Critical: firefox security update (Red Hat)
RHSA-2008:0104-4 Critical: seamonkey security update (Red Hat)
RHSA-2008:0105-4 Moderate: thunderbird security update (Red Hat)
Security update for epiphany (Novell)
Solution 238492 : Multiple Security Vulnerabilities in Solaris 10 Firefox may (Sun)
Solution 239546: Security Vulnerabilities in Thunderbird for Solaris May Result (Sun Microsystems)
Vulnerability Note VU#309608 Mozilla products may allow directory traversal (US-CERT)

Privacy Statement
Copyright 2010, SecurityFocus