42470 : Mozilla Firefox addMicrosummaryGenerator sidebar Method Remote Information Disclosure
Printer | http://osvdb.org/42470 | Email This | Edit Vulnerability

Views This Week

Views All Time

310

Info

Last Modified

about 1 year ago

Percent Complete

25%

Disclosure

Oct 18, 2007

Discovery

Aug 05, 2007

Dates

Exploit

Unknown

Solution

Oct 18, 2007

This Entry needs help! It is only 25% Complete. Click the edit link above to add more information.

Contributing is fast and easy, and benefits the entire security community.

Keywords

Description

(Description Provided by CVE) : Mozilla Firefox 2.0 before 2.0.0.8 allows remote attackers to obtain sensitive system information by using the addMicrosummaryGenerator sidebar method to access file: URIs.

Classification

Location: Remote/Network Access Required
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Solution: Patch, Upgrade
Exploit: Exploit Rumored / Private
Disclosure: Vendor Verified
OSVDB: Web Related

Products

Unknown or Incomplete

References

CVE ID: 2007-5335 (see also: NVD)
Secunia Advisory ID: 27335 27387 27665
ISS X-Force ID: 37428
Vendor Specific Solution URL: http://www.gentoo.org/security/en/glsa/glsa-200711-14.xml
Other Advisory URL: http://www.ubuntulinux.org/support/documentation/usn/usn-535-1
Vendor Specific News/Changelog Entry: https://bugzilla.mozilla.org/show_bug.cgi?id=390983

Tools & Filters

Nessus	28141 28197

Credit