CVE-2008-4582

Priority
Negligible
Description
Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and
SeaMonkey 1.x before 1.1.13, when running on Windows, do not properly
identify the context of Windows .url shortcut files, which allows
user-assisted remote attackers to bypass the Same Origin Policy and obtain
sensitive information via an HTML document that is directly accessible
through a filesystem, as demonstrated by documents in (1) local folders,
(2) Windows share folders, and (3) RAR archives, and as demonstrated by
IFRAMEs referencing shortcuts that point to (a) about:cache?device=memory
and (b) about:cache?device=disk, a variant of CVE-2008-2810.
References
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
More Information

Valid XHTML 1.0 Strict

Updated: 2015-07-29 20:33:45 UTC (commit 9756)