securityvulns: SECURITYVULNS:DOC:18261
Oct 23, 2007 - 12:00 a.m.

Mozilla Foundation Security Advisory 2007-34

Title: Possible file stealing through sftp protocol
Impact: Moderate
Announced: October 18, 2007
Reporter: Georgi Guninski
Products: Firefox, SeaMonkey

Fixed in: Firefox 2.0.0.8, SeaMonkey 1.1.5

Description

On Linux machines with gnome-vfs support, the smb: and sftp: URI schemes are available in Firefox. Georgi Guninski showed that if an attacker can store the attack page in a mutually accessible location on the target server (/tmp perhaps) and lure the victim into loading it, the attacker could potentially read any file owned by the victim from known locations on that server.

References

* https://bugzilla.mozilla.org/show_bug.cgi?id=381146
* CVE-2007-5337