Directory traversal vulnerability in Mozilla Firefox prior to 2.0.0.12, Thunderbird prior to 2.0.0.12, and SeaMonkey prior to 1.1.8, when using "flat" addons, allows remote malicious users to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox |
||
mozilla seamonkey |
||
mozilla thunderbird |