Mozilla Firefox Resource Directory Traversal Vulnerability

Bugtraq ID:	24191
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	May 28 2007 12:00AM
Updated:	May 31 2007 08:41PM
Credit:	BK is credited with the discovery of this issue.
Vulnerable:	Mozilla Firefox 2.0 .4 Mozilla Firefox 2.0 .3 Mozilla Firefox 2.0 .1 Mozilla Firefox 1.5 beta 2 Mozilla Firefox 1.5 beta 1 Mozilla Firefox 1.5 .8 Mozilla Firefox 1.5 .6 Mozilla Firefox 1.5 Mozilla Firefox 1.0.8 Mozilla Firefox 1.0.7 Mozilla Firefox 1.0.6 Mozilla Firefox 1.0.5 Mozilla Firefox 1.0.5 Mozilla Firefox 1.0.4 Mozilla Firefox 1.0.3 + Gentoo Linux Mozilla Firefox 1.0.2 + Mandriva Linux Mandrake 10.2 x86_64 + Mandriva Linux Mandrake 10.2 + Mandriva Linux Mandrake 10.2 + Redhat Desktop 4.0 + Redhat Desktop 4.0 + Redhat Enterprise Linux AS 4 + Redhat Enterprise Linux AS 4 + Redhat Enterprise Linux ES 4 + Redhat Enterprise Linux ES 4 + Redhat Enterprise Linux WS 4 + Redhat Enterprise Linux WS 4 Mozilla Firefox 1.0.1 + Redhat Fedora Core3 Mozilla Firefox 1.0 + Gentoo Linux + Gentoo Linux + S.u.S.E. Linux Personal 9.2 x86_64 + S.u.S.E. Linux Personal 9.2 x86_64 + S.u.S.E. Linux Personal 9.2 + S.u.S.E. Linux Personal 9.2 + S.u.S.E. Linux Personal 9.1 x86_64 + S.u.S.E. Linux Personal 9.1 x86_64 + S.u.S.E. Linux Personal 9.1 + S.u.S.E. Linux Personal 9.1 + S.u.S.E. Linux Personal 9.0 x86_64 + S.u.S.E. Linux Personal 9.0 x86_64 + S.u.S.E. Linux Personal 9.0 + S.u.S.E. Linux Personal 9.0 + Slackware Linux 10.1 + Slackware Linux 10.0 + Slackware Linux 10.0 + Slackware Linux 9.1 + Slackware Linux 9.1 + Slackware Linux -current + Slackware Linux -current Mozilla Firefox 0.10.1 Mozilla Firefox 0.10 Mozilla Firefox 0.9.3 Mozilla Firefox 0.9.2 Mozilla Firefox 0.9.1 Mozilla Firefox 0.9 rc Mozilla Firefox 0.9 Mozilla Firefox 0.8 Mozilla Firefox 2.0.0.3 Mozilla Firefox 2.0.0.2 Mozilla Firefox 2.0 RC3 Mozilla Firefox 2.0 RC2 Mozilla Firefox 2.0 beta 1 Mozilla Firefox 2.0 Mozilla Firefox 1.5.0.9 Mozilla Firefox 1.5.0.8 Mozilla Firefox 1.5.0.7 Mozilla Firefox 1.5.0.6 Mozilla Firefox 1.5.0.5 Mozilla Firefox 1.5.0.4 Mozilla Firefox 1.5.0.3 Mozilla Firefox 1.5.0.2 Mozilla Firefox 1.5.0.2 Mozilla Firefox 1.5.0.11 Mozilla Firefox 1.5.0.10 Mozilla Firefox 1.5.0.1
Not Vulnerable:

Mozilla Firefox Resource Directory Traversal Vulnerability

Mozilla Firefox is prone to a directory-traversal vulnerability because it fails to adequately sanitize user-supplied data.

An attacker can exploit this issue to access arbitrary files on an unsuspecting user's computer. Successful exploits can expose potentially sensitive information that could aid in further attacks.

Firefox 2.0.0.3 and prior versions are vulnerable.

Mozilla Firefox Resource Directory Traversal Vulnerability

To exploit this issue, an attacker must entice an unsuspecting user to visit a specially crafted webpage.

A proof-of-concept webpage has been made available; please see the references for more information.

Mozilla Firefox Resource Directory Traversal Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

Mozilla Firefox Resource Directory Traversal Vulnerability

References:

• Firefox 0day local file reading (Thor Larholm)
  
• Bug 367428 �?? resource:// directory traversal (Mozilla)
  
• Mozilla Homepage (Mozilla Foundation)
  
• Proof-of-concept webpage (Thor Larholm)