CVE-2007-3072 — Path Traversal in Mozilla Firefox

CWE-22 — Path Traversal2 documents2 sources

Severity

7.1HIGHNVD

EPSS

0.7%

top 29.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox

Timeline

PublishedJun 6

Latest updateMay 1

Description

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.4 on Windows allows remote attackers to read arbitrary files via ..%5C (dot dot encoded backslash) sequences in a resource:// URI.

CVSS vector

AV:N/AC:M/C:C/I:N/A:NExploitability: 8.6 | Impact: 6.9

Affected Packages1 packages

▶NVDmozilla/firefox4 versions+3

🔴Vulnerability Details

GHSA

GHSA-vfwg-qrxc-vgjm: Directory traversal vulnerability in Mozilla Firefox before 2↗2022-05-01

▶