Firefox .url Shortcut File Information Disclosure Vulnerability Network Vulnerability

Summary

The host is installed with Mozilla Firefox browser, that is prone to information disclosure vulnerability.

Impact

Successful remote exploitation could result in disclosure of sensitive information. Impact Level: System

Solution

Upgrade to Firefox version 3.6.3 or later, For updates refer to http://www.mozilla.com/en-US/firefox/all-older.html

Insight

The Browser does not properly identify the context of Windows .url shortcut files, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via an HTML document that is directly accessible through a filesystem.

Affected

Firefox version 3.0.1 to 3.0.3 on Windows.

References

http://liudieyu0.blog124.fc2.com/blog-entry-6.html
http://www.securityfocus.com/archive/1/archive/1/497091/100/0/threaded

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-4582

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apple Safari Webkit Multiple Vulnerabilities - June13 (Mac OS X)
Adobe Reader Information Disclosure Vulnerability Jun05 (Mac OS X)
Adobe Reader 'file://' URL Information Disclosure Vulnerability Feb07 (Linux)
Adobe Reader Multiple Unspecified Vulnerabilities Jun06 (Mac OS X)
Apache /server-info accessible

Take action and discover your vulnerabilities