Unrated severityNVD Advisory· Published Feb 8, 2008· Updated Jun 16, 2026
CVE-2008-0418
CVE-2008-0418
Description
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*range: <=2.0.0.11
- (no CPE)range: <2.0.0.12
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*range: <=1.1.7
- (no CPE)range: <1.1.8
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*range: <=2.0.0.11
- (no CPE)range: <2.0.0.12
- osv-coords2 versionspkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed
< 128.5.1-1.1+ 1 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 92.0-1.2
Patches
Vulnerability mechanics
References
67- www.kb.cert.org/vuls/id/309608nvdUS Government Resource
- browser.netscape.com/releasenotes/nvd
- lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.htmlnvd
- secunia.com/advisories/28622/nvd
- secunia.com/advisories/28754nvd
- secunia.com/advisories/28766nvd
- secunia.com/advisories/28808nvd
- secunia.com/advisories/28815nvd
- secunia.com/advisories/28818nvd
- secunia.com/advisories/28839nvd
- secunia.com/advisories/28864nvd
- secunia.com/advisories/28865nvd
- secunia.com/advisories/28877nvd
- secunia.com/advisories/28879nvd
- secunia.com/advisories/28924nvd
- secunia.com/advisories/28939nvd
- secunia.com/advisories/28958nvd
- secunia.com/advisories/29049nvd
- secunia.com/advisories/29086nvd
- secunia.com/advisories/29098nvd
- secunia.com/advisories/29164nvd
- secunia.com/advisories/29167nvd
- secunia.com/advisories/29211nvd
- secunia.com/advisories/29567nvd
- secunia.com/advisories/30327nvd
- secunia.com/advisories/30620nvd
- secunia.com/advisories/31043nvd
- slackware.com/security/viewer.phpnvd
- sunsolve.sun.com/search/document.donvd
- sunsolve.sun.com/search/document.donvd
- support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.htmlnvd
- wiki.rpath.com/Advisories:rPSA-2008-0051nvd
- wiki.rpath.com/Advisories:rPSA-2008-0093nvd
- wiki.rpath.com/wiki/Advisories:rPSA-2008-0093nvd
- www.debian.org/security/2008/dsa-1484nvd
- www.debian.org/security/2008/dsa-1485nvd
- www.debian.org/security/2008/dsa-1489nvd
- www.debian.org/security/2008/dsa-1506nvd
- www.gentoo.org/security/en/glsa/glsa-200805-18.xmlnvd
- www.hiredhacker.com/2008/01/19/firefox-chrome-url-handling-directory-traversal/nvd
- www.mandriva.com/security/advisoriesnvd
- www.mandriva.com/security/advisoriesnvd
- www.mozilla.org/security/announce/2008/mfsa2008-05.htmlnvd
- www.redhat.com/support/errata/RHSA-2008-0103.htmlnvd
- www.redhat.com/support/errata/RHSA-2008-0104.htmlnvd
- www.redhat.com/support/errata/RHSA-2008-0105.htmlnvd
- www.securityfocus.com/archive/1/487826/100/0/threadednvd
- www.securityfocus.com/archive/1/488002/100/0/threadednvd
- www.securityfocus.com/archive/1/488971/100/0/threadednvd
- www.securityfocus.com/bid/27406nvd
- www.securitytracker.com/idnvd
- www.ubuntu.com/usn/usn-576-1nvd
- www.ubuntu.com/usn/usn-582-1nvd
- www.ubuntu.com/usn/usn-582-2nvd
- www.vupen.com/english/advisories/2008/0263nvd
- www.vupen.com/english/advisories/2008/0453/referencesnvd
- www.vupen.com/english/advisories/2008/0454/referencesnvd
- www.vupen.com/english/advisories/2008/0627/referencesnvd
- www.vupen.com/english/advisories/2008/1793/referencesnvd
- www.vupen.com/english/advisories/2008/2091/referencesnvd
- issues.rpath.com/browse/RPL-1995nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10705nvd
- www.redhat.com/archives/fedora-package-announce/2008-February/msg00274.htmlnvd
- www.redhat.com/archives/fedora-package-announce/2008-February/msg00309.htmlnvd
- www.redhat.com/archives/fedora-package-announce/2008-February/msg00381.htmlnvd
- www.redhat.com/archives/fedora-package-announce/2008-February/msg00905.htmlnvd
- www.redhat.com/archives/fedora-package-announce/2008-February/msg00946.htmlnvd
News mentions
0No linked articles in our index yet.