Mozilla Firefox 3 prior to 3.0.11 associates an incorrect principal with a file: URL loaded through the location bar, which allows user-assisted remote malicious users to bypass intended access restrictions and read files via a crafted HTML document, aka a "file-URL-to-file-URL scripting" attack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox 3.0.7 |
||
mozilla firefox 3.0.5 |
||
mozilla firefox 3.0.2 |
||
mozilla firefox |
||
mozilla firefox 3.0.1 |
||
mozilla firefox 3.0 |
||
mozilla firefox 3.0.6 |
||
mozilla firefox 3.0.4 |
||
mozilla firefox 3.0.3 |
||
mozilla firefox 3.0.8 |
||
mozilla firefox 3.0.9 |
||
mozilla firefox 3.1 |
||
mozilla firefox 3.0beta5 |