Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:26241
HistoryMay 01, 2011 - 12:00 a.m.

Mozilla Foundation Security Advisory 2011-16

2011-05-0100:00:00
vulners.com
31

Mozilla Foundation Security Advisory 2011-16

Title: Directory traversal in resource: protocol
Impact: Moderate
Announced: April 28, 2011
Reporter: Soroush Dalili
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 3.6.17
Firefox 3.5.19
Thunderbird 3.1.10
SeaMonkey 2.0.14
Description

Security researcher Soroush Dalili reported that the resource: protocol could be exploited to allow directory traversal on Windows and the potential loading of resources from non-permitted locations. The impact would depend on whether interesting files existed in predictable locations in a useful format. For example, the existence or non-existence of particular images might indicate whether certain software was installed.
References

https://bugzilla.mozilla.org/show_bug.cgi?id=624764
CVE-2011-0071
Related for SECURITYVULNS:DOC:26241