CVE-2008-0418
Published: 8 February 2008
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
firefox Launchpad, Ubuntu, Debian |
dapper |
Released
(1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1)
|
| edgy |
Released
(2.0.0.12+0nobinonly+2-0ubuntu0.6.10)
|
|
| feisty |
Released
(2.0.0.12+1nobinonly+2-0ubuntu0.7.4)
|
|
| gutsy |
Released
(2.0.0.12+2nobinonly+2-0ubuntu0.7.10)
|
|
| hardy |
Released
(2.0.0.12+2nobinonly+2-0ubuntu3)
|
|
| intrepid |
Does not exist
|
|
| upstream |
Released
(2.0.0.12)
|
|
|
iceape Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| edgy |
Does not exist
|
|
| feisty |
Does not exist
|
|
| gutsy |
Ignored
(end of life, was needs-triage)
|
|
| hardy |
Does not exist
|
|
| intrepid |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
icedove Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| edgy |
Does not exist
|
|
| feisty |
Does not exist
|
|
| gutsy |
Does not exist
|
|
| hardy |
Does not exist
|
|
| intrepid |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
iceweasel Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| edgy |
Does not exist
|
|
| feisty |
Does not exist
|
|
| gutsy |
Does not exist
|
|
| hardy |
Does not exist
|
|
| intrepid |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
mozilla-thunderbird Launchpad, Ubuntu, Debian |
dapper |
Released
(1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.6.06.0)
|
| edgy |
Released
(1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.6.10.0)
|
|
| feisty |
Released
(1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.7.04.0)
|
|
| gutsy |
Does not exist
|
|
| hardy |
Does not exist
|
|
| intrepid |
Does not exist
|
|
| upstream |
Released
|
|
|
seamonkey Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| edgy |
Does not exist
|
|
| feisty |
Does not exist
|
|
| gutsy |
Does not exist
|
|
| hardy |
Not vulnerable
|
|
| intrepid |
Not vulnerable
|
|
| upstream |
Not vulnerable
(1.1.8)
|
|
|
thunderbird Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| edgy |
Does not exist
|
|
| feisty |
Does not exist
|
|
| gutsy |
Released
(2.0.0.12+nobinonly-0ubuntu0.7.10.0)
|
|
| hardy |
Released
(2.0.0.12+nobinonly-0ubuntu1)
|
|
| intrepid |
Released
(2.0.0.12+nobinonly-0ubuntu1)
|
|
| upstream |
Released
(2.0.0.12)
|
|
|
xulrunner Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| edgy |
Ignored
(end of life, was needs-triage)
|
|
| feisty |
Ignored
(end of life, was needs-triage)
|
|
| gutsy |
Released
(1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.7.10.1)
|
|
| hardy |
Released
(1.8.1.13+nobinonly-0ubuntu1)
|
|
| intrepid |
Released
(1.8.1.13+nobinonly-0ubuntu1)
|
|
| upstream |
Released
(1.8.1.13)
|