CVE-2009-0355 — Mozilla Firefox vulnerability

CWE-2646 documents5 sources

Severity

5.4MEDIUMNVD

EPSS

2.4%

top 14.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox

Timeline

PublishedFeb 4

Latest updateMay 2

Description

components/sessionstore/src/nsSessionStore.js in Mozilla Firefox before 3.0.6 does not block changes of INPUT elements to type="file" during tab restoration, which allows user-assisted remote attackers to read arbitrary files on a client machine via a crafted INPUT element.

CVSS vector

AV:N/AC:H/C:C/I:N/A:NExploitability: 4.9 | Impact: 6.9

Affected Packages1 packages

▶NVDmozilla/firefox3.0.5+80

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-h2q7-pj3w-pr6f: components/sessionstore/src/nsSessionStore↗2022-05-02

▶

📋Vendor Advisories

Ubuntu

Firefox and Xulrunner vulnerabilities↗2009-02-10

▶

Ubuntu

Firefox vulnerabilities↗2009-02-10

▶

Red Hat

Firefox local file stealing with SessionStore↗2009-02-03

▶

💬Community

Bugzilla

CVE-2009-0355 Firefox local file stealing with SessionStore↗2009-01-29

▶