EIP-2026-103168

PRE-CVE

Mozilla Firefox 2.0.9 - 'view-source:' Scheme Information Disclosure

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103168. PoCs published by Ronald van den Heetkamp.

AI-analyzed exploit summary This exploit leverages a JavaScript-based information disclosure vulnerability in Mozilla Firefox by accessing local resource files via the 'view-source:resource://' URI scheme. It demonstrates the ability to read sensitive preference files (e.g., 'all.js') without proper restrictions.

Description

Mozilla Firefox 2.0.9 - 'view-source:' Scheme Information Disclosure

Exploits (1)

exploitdb WORKING POC VERIFIED
by Ronald van den Heetkamp · textremotelinux
https://www.exploit-db.com/exploits/31127

This exploit leverages a JavaScript-based information disclosure vulnerability in Mozilla Firefox by accessing local resource files via the 'view-source:resource://' URI scheme. It demonstrates the ability to read sensitive preference files (e.g., 'all.js') without proper restrictions.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Mozilla Firefox <= 2.0.0.12
No auth needed
Prerequisites: Victim must visit a malicious webpage or execute the script in a vulnerable Firefox version
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026