 |
|
|
|
| From: | MOZILLA | | Date: | 03.07.2008 | | Subject: | Mozilla Foundation Security Advisory 2008-30 |
Mozilla Foundation Security Advisory 2008-30
Title: File location URL in directory listings not escaped properly
Impact: Low
Announced: July 1, 2008
Reporter: Masahiro Yamada
Products: Firefox, SeaMonkey
Fixed in: Firefox 2.0.0.15
SeaMonkey 1.1.10
Description
Mozilla contributor Masahiro Yamada reported that file URLs in directory listings were not being HTML escaped properly when the filenames contained particular characters. This resulted in files from directory listings being opened in unintended ways or files not being able to be opened by the browser altogether.
References
* https://bugzilla.mozilla.org/show_bug.cgi?id=411433
* CVE-2008-2808
|
|
|
|
|
|
|
|
