Firefox .url Shortcut File Information Disclosure Vulnerability Network Vulnerability

Summary

The host is installed with Mozilla Firefox browser, that is prone to information disclosure vulnerability.

Impact

Successful remote exploitation could result in disclosure of sensitive information. Impact Level: System

Solution

Upgrade to Firefox version 3.6.3 or later, For updates refer to http://www.mozilla.com/en-US/firefox/all-older.html

Insight

The Browser does not properly identify the context of Windows .url shortcut files, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via an HTML document that is directly accessible through a filesystem.

Affected

Firefox version 3.0.1 to 3.0.3 on Windows.

References

http://liudieyu0.blog124.fc2.com/blog-entry-6.html
http://www.securityfocus.com/archive/1/archive/1/497091/100/0/threaded

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-4582

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Adobe Flash Player Unspecified Cross-Site Scripting Vulnerability June-2011 (Linux)
Apple Safari JavaScript Implementation Information Disclosure Vulnerability (Windows)
Apple Safari 'setInterval()' Address Bar Spoofing Vulnerability (Win)
Arris DOCSIS Password Disclosure
Apple Safari Multiple Vulnerabilities

Take action and discover your vulnerabilities