• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Mozilla Firefox chrome:// URI JavaScript File Request Information Disclosure Vulnerability

References:

• Partial list of flat packaged add-ons (Mozilla Foundation)
  
• Bug 413250 â?? chrome directory traversal (local disk access via flat addons) (Mozilla Foundation)
  
• Bug 413451 â?? allows to steal data from sessionstore.js (Mozilla Foundation)
  
• chrome protocol directory traversal (Mozilla)
  
• Firefox Homepage (Mozilla Foundation)
  
• Status update for Chrome Protocol Directory Traversal issue (Mozilla Security Blog)
  
• ASA-2008-059: firefox security update (RHSA-2008-0103) (Avaya)
  
• Firefox chrome: URL Handling Directory Traversal (hiredhacker.com)
  
• MFSA 2008-05: Directory traversal via chrome: URI (Mozilla Foundation)
  
• RHSA-2008:0103-7 Critical: firefox security update (Red Hat)
  
• RHSA-2008:0104-4 Critical: seamonkey security update (Red Hat)
  
• RHSA-2008:0105-4 Moderate: thunderbird security update (Red Hat)
  
• Security update for epiphany (Novell)
  
• Solution 238492 : Multiple Security Vulnerabilities in Solaris 10 Firefox may (Sun)
  
• Solution 239546: Security Vulnerabilities in Thunderbird for Solaris May Result (Sun Microsystems)
  
• Vulnerability Note VU#309608 Mozilla products may allow directory traversal (US-CERT)