CVE-2008-0418
Mozilla Firefox < 2.0.0.12, Thunderbird < 2.0.0.12, and SeaMonkey < 1.1.8 - Directory Traversal via Chrome URI Scheme
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2008-0418. PoCs published by Gerry Eisenhaur.
AI-analyzed exploit summary This exploit leverages a path traversal vulnerability in Mozilla Firefox to access local JavaScript files, potentially exposing sensitive information. It requires a specific addon with flat packaging to succeed.
Description
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js.
Exploits (1)
This exploit leverages a path traversal vulnerability in Mozilla Firefox to access local JavaScript files, potentially exposing sensitive information. It requires a specific addon with flat packaging to succeed.