CVE-2008-0418

N/A Unknown
Published: February 08, 2008 Modified: April 23, 2026

Description

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary JavaScript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js.


References to Advisories, Solutions, and Tools

http://secunia.com/advisories/28622/
Source: secalert@redhat.com
http://secunia.com/advisories/28754
Source: secalert@redhat.com
http://secunia.com/advisories/28766
Source: secalert@redhat.com
http://secunia.com/advisories/28808
Source: secalert@redhat.com
http://secunia.com/advisories/28815
Source: secalert@redhat.com
http://secunia.com/advisories/28818
Source: secalert@redhat.com
http://secunia.com/advisories/28839
Source: secalert@redhat.com
http://secunia.com/advisories/28864
Source: secalert@redhat.com
http://secunia.com/advisories/28865
Source: secalert@redhat.com
http://secunia.com/advisories/28877
Source: secalert@redhat.com
http://secunia.com/advisories/28879
Source: secalert@redhat.com
http://secunia.com/advisories/28924
Source: secalert@redhat.com
http://secunia.com/advisories/28939
Source: secalert@redhat.com
http://secunia.com/advisories/28958
Source: secalert@redhat.com
http://secunia.com/advisories/29049
Source: secalert@redhat.com
http://secunia.com/advisories/29086
Source: secalert@redhat.com
http://secunia.com/advisories/29098
Source: secalert@redhat.com
http://secunia.com/advisories/29164
Source: secalert@redhat.com
http://secunia.com/advisories/29167
Source: secalert@redhat.com
http://secunia.com/advisories/29211
Source: secalert@redhat.com
http://secunia.com/advisories/29567
Source: secalert@redhat.com
http://secunia.com/advisories/30327
Source: secalert@redhat.com
http://secunia.com/advisories/30620
Source: secalert@redhat.com
http://secunia.com/advisories/31043
Source: secalert@redhat.com
http://www.kb.cert.org/vuls/id/309608
Source: secalert@redhat.com
US Government Resource
http://www.securityfocus.com/bid/27406
Source: secalert@redhat.com
http://www.ubuntu.com/usn/usn-576-1
Source: secalert@redhat.com
http://www.ubuntu.com/usn/usn-582-1
Source: secalert@redhat.com
http://www.ubuntu.com/usn/usn-582-2
Source: secalert@redhat.com
https://issues.rpath.com/browse/RPL-1995
Source: secalert@redhat.com
http://browser.netscape.com/releasenotes/
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/28622/
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/28754
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/28766
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/28808
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/28815
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/28818
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/28839
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/28864
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/28865
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/28877
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/28879
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/28924
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/28939
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/28958
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/29049
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/29086
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/29098
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/29164
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/29167
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/29211
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/29567
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/30327
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/30620
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/31043
Source: af854a3a-2127-422b-91ae-364da2661108
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1
Source: af854a3a-2127-422b-91ae-364da2661108
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1
Source: af854a3a-2127-422b-91ae-364da2661108
http://wiki.rpath.com/Advisories:rPSA-2008-0051
Source: af854a3a-2127-422b-91ae-364da2661108
http://wiki.rpath.com/Advisories:rPSA-2008-0093
Source: af854a3a-2127-422b-91ae-364da2661108
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.debian.org/security/2008/dsa-1484
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.debian.org/security/2008/dsa-1485
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.debian.org/security/2008/dsa-1489
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.debian.org/security/2008/dsa-1506
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.kb.cert.org/vuls/id/309608
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2008:048
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.mandriva.com/security/advisories?name=MDVSA-2008:062
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.mozilla.org/security/announce/2008/mfsa2008-05.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.redhat.com/support/errata/RHSA-2008-0103.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.redhat.com/support/errata/RHSA-2008-0104.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.redhat.com/support/errata/RHSA-2008-0105.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/archive/1/487826/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/archive/1/488002/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/archive/1/488971/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/27406
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securitytracker.com/id?1019329
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.ubuntu.com/usn/usn-576-1
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.ubuntu.com/usn/usn-582-1
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.ubuntu.com/usn/usn-582-2
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2008/0263
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2008/0453/references
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2008/0454/references
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2008/0627/references
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2008/1793/references
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2008/2091/references
Source: af854a3a-2127-422b-91ae-364da2661108
https://issues.rpath.com/browse/RPL-1995
Source: af854a3a-2127-422b-91ae-364da2661108

134 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
38.7%
97th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

Affected Vendors

mozilla