Unrated severityNVD Advisory· Published Feb 8, 2008· Updated Apr 23, 2026
CVE-2008-0418
CVE-2008-0418
Description
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js.
Affected products
3Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
67- www.kb.cert.org/vuls/id/309608nvdUS Government Resource
- browser.netscape.com/releasenotes/nvd
- lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.htmlnvd
- secunia.com/advisories/28622/nvd
- secunia.com/advisories/28754nvd
- secunia.com/advisories/28766nvd
- secunia.com/advisories/28808nvd
- secunia.com/advisories/28815nvd
- secunia.com/advisories/28818nvd
- secunia.com/advisories/28839nvd
- secunia.com/advisories/28864nvd
- secunia.com/advisories/28865nvd
- secunia.com/advisories/28877nvd
- secunia.com/advisories/28879nvd
- secunia.com/advisories/28924nvd
- secunia.com/advisories/28939nvd
- secunia.com/advisories/28958nvd
- secunia.com/advisories/29049nvd
- secunia.com/advisories/29086nvd
- secunia.com/advisories/29098nvd
- secunia.com/advisories/29164nvd
- secunia.com/advisories/29167nvd
- secunia.com/advisories/29211nvd
- secunia.com/advisories/29567nvd
- secunia.com/advisories/30327nvd
- secunia.com/advisories/30620nvd
- secunia.com/advisories/31043nvd
- slackware.com/security/viewer.phpnvd
- sunsolve.sun.com/search/document.donvd
- sunsolve.sun.com/search/document.donvd
- support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.htmlnvd
- wiki.rpath.com/Advisories:rPSA-2008-0051nvd
- wiki.rpath.com/Advisories:rPSA-2008-0093nvd
- wiki.rpath.com/wiki/Advisories:rPSA-2008-0093nvd
- www.debian.org/security/2008/dsa-1484nvd
- www.debian.org/security/2008/dsa-1485nvd
- www.debian.org/security/2008/dsa-1489nvd
- www.debian.org/security/2008/dsa-1506nvd
- www.gentoo.org/security/en/glsa/glsa-200805-18.xmlnvd
- www.hiredhacker.com/2008/01/19/firefox-chrome-url-handling-directory-traversal/nvd
- www.mandriva.com/security/advisoriesnvd
- www.mandriva.com/security/advisoriesnvd
- www.mozilla.org/security/announce/2008/mfsa2008-05.htmlnvd
- www.redhat.com/support/errata/RHSA-2008-0103.htmlnvd
- www.redhat.com/support/errata/RHSA-2008-0104.htmlnvd
- www.redhat.com/support/errata/RHSA-2008-0105.htmlnvd
- www.securityfocus.com/archive/1/487826/100/0/threadednvd
- www.securityfocus.com/archive/1/488002/100/0/threadednvd
- www.securityfocus.com/archive/1/488971/100/0/threadednvd
- www.securityfocus.com/bid/27406nvd
- www.securitytracker.com/idnvd
- www.ubuntu.com/usn/usn-576-1nvd
- www.ubuntu.com/usn/usn-582-1nvd
- www.ubuntu.com/usn/usn-582-2nvd
- www.vupen.com/english/advisories/2008/0263nvd
- www.vupen.com/english/advisories/2008/0453/referencesnvd
- www.vupen.com/english/advisories/2008/0454/referencesnvd
- www.vupen.com/english/advisories/2008/0627/referencesnvd
- www.vupen.com/english/advisories/2008/1793/referencesnvd
- www.vupen.com/english/advisories/2008/2091/referencesnvd
- issues.rpath.com/browse/RPL-1995nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10705nvd
- www.redhat.com/archives/fedora-package-announce/2008-February/msg00274.htmlnvd
- www.redhat.com/archives/fedora-package-announce/2008-February/msg00309.htmlnvd
- www.redhat.com/archives/fedora-package-announce/2008-February/msg00381.htmlnvd
- www.redhat.com/archives/fedora-package-announce/2008-February/msg00905.htmlnvd
- www.redhat.com/archives/fedora-package-announce/2008-February/msg00946.htmlnvd
News mentions
0No linked articles in our index yet.