Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:20116
HistoryJul 03, 2008 - 12:00 a.m.

Mozilla Foundation Security Advisory 2008-30

2008-07-0300:00:00
vulners.com
25

Mozilla Foundation Security Advisory 2008-30

Title: File location URL in directory listings not escaped properly
Impact: Low
Announced: July 1, 2008
Reporter: Masahiro Yamada
Products: Firefox, SeaMonkey

Fixed in: Firefox 2.0.0.15
SeaMonkey 1.1.10
Description

Mozilla contributor Masahiro Yamada reported that file URLs in directory listings were not being HTML escaped properly when the filenames contained particular characters. This resulted in files from directory listings being opened in unintended ways or files not being able to be opened by the browser altogether.
References

* https://bugzilla.mozilla.org/show_bug.cgi?id=411433
* CVE-2008-2808
Related for SECURITYVULNS:DOC:20116