Mozilla Firefox Unspecified Arbitrary File Access Weakness
BID:29905
Info
Mozilla Firefox Unspecified Arbitrary File Access Weakness
| Bugtraq ID: | 29905 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 23 2008 12:00AM |
| Updated: | Jun 24 2008 11:21PM |
| Credit: | Billy (BK) Rios |
| Vulnerable: |
Mozilla Firefox 2.0 .9 Mozilla Firefox 2.0 .8 Mozilla Firefox 2.0 .7 Mozilla Firefox 2.0 .6 Mozilla Firefox 2.0 .5 Mozilla Firefox 2.0 .4 Mozilla Firefox 2.0 .3 Mozilla Firefox 2.0 .10 Mozilla Firefox 2.0 .1 Mozilla Firefox 3.0 Beta 5 Mozilla Firefox 3.0 Mozilla Firefox 2.0.0.3 Mozilla Firefox 2.0.0.2 Mozilla Firefox 2.0.0.14 Mozilla Firefox 2.0.0.13 Mozilla Firefox 2.0.0.12 Mozilla Firefox 2.0.0.11 Mozilla Firefox 2.0.0.10 Mozilla Firefox 2.0.0.10 Mozilla Firefox 2.0 RC3 Mozilla Firefox 2.0 RC2 Mozilla Firefox 2.0 beta 1 Mozilla Firefox 2.0 |
| Not Vulnerable: | |
Discussion
Mozilla Firefox Unspecified Arbitrary File Access Weakness
Mozilla Firefox is prone to a weakness that may allow attackers to gain access to arbitrary files.
Very little information is known about this issue. We will update this BID as soon as more information emerges.
An attacker can exploit this issue in conjunction with the 'carpet-bombing' issue reported by Nitest Dhanjani to gain access to arbitrary files on the affected computer. Successfully exploiting this issue may lead to other attacks.
NOTE: This issue is related to the vulnerability discussed in BID 29445 (Apple Safari and Microsoft Windows Client-side Code Execution Vulnerability).
Mozilla Firefox is prone to a weakness that may allow attackers to gain access to arbitrary files.
Very little information is known about this issue. We will update this BID as soon as more information emerges.
An attacker can exploit this issue in conjunction with the 'carpet-bombing' issue reported by Nitest Dhanjani to gain access to arbitrary files on the affected computer. Successfully exploiting this issue may lead to other attacks.
NOTE: This issue is related to the vulnerability discussed in BID 29445 (Apple Safari and Microsoft Windows Client-side Code Execution Vulnerability).
Exploit / POC
Mozilla Firefox Unspecified Arbitrary File Access Weakness
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Mozilla Firefox Unspecified Arbitrary File Access Weakness
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Mozilla Firefox Unspecified Arbitrary File Access Weakness
References:
References:
- Clarification for �??BK on Safari, hunting Firefox (Billy (BK) Rios)
- Safari Carpet Bomb (Nitesh Dhanjani)
- Cisco NX-OS Software TACACS+ Command Authorization Vulnerability (Cisco)