Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL.
| Version | Base score | Base severity | Vector |
|---|
| Hyperlink | Resource Type |
|---|
Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL.
| Type | CWE ID | Description |
|---|---|---|
| text | N/A | n/a |
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Hyperlink | Resource |
|---|---|
| http://www.debian.org/security/2011/dsa-2228 | vendor-advisory x_refsource_DEBIAN |
| http://www.mandriva.com/security/advisories?name=MDVSA-2011:079 | vendor-advisory x_refsource_MANDRIVA |
| https://bugzilla.mozilla.org/show_bug.cgi?id=624764 | x_refsource_CONFIRM |
| http://www.mozilla.org/security/announce/2011/mfsa2011-16.html | x_refsource_CONFIRM |
| http://www.debian.org/security/2011/dsa-2235 | vendor-advisory x_refsource_DEBIAN |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14058 | vdb-entry signature x_refsource_OVAL |
| http://www.mandriva.com/security/advisories?name=MDVSA-2011:080 | vendor-advisory x_refsource_MANDRIVA |
| http://www.debian.org/security/2011/dsa-2227 | vendor-advisory x_refsource_DEBIAN |
| http://downloads.avaya.com/css/P8/documents/100144158 | x_refsource_CONFIRM |
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Hyperlink | Resource |
|---|---|
| http://www.debian.org/security/2011/dsa-2228 | vendor-advisory x_refsource_DEBIAN x_transferred |
| http://www.mandriva.com/security/advisories?name=MDVSA-2011:079 | vendor-advisory x_refsource_MANDRIVA x_transferred |
| https://bugzilla.mozilla.org/show_bug.cgi?id=624764 | x_refsource_CONFIRM x_transferred |
| http://www.mozilla.org/security/announce/2011/mfsa2011-16.html | x_refsource_CONFIRM x_transferred |
| http://www.debian.org/security/2011/dsa-2235 | vendor-advisory x_refsource_DEBIAN x_transferred |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14058 | vdb-entry signature x_refsource_OVAL x_transferred |
| http://www.mandriva.com/security/advisories?name=MDVSA-2011:080 | vendor-advisory x_refsource_MANDRIVA x_transferred |
| http://www.debian.org/security/2011/dsa-2227 | vendor-advisory x_refsource_DEBIAN x_transferred |
| http://downloads.avaya.com/css/P8/documents/100144158 | x_refsource_CONFIRM x_transferred |
Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL.
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |