Security Advisory

CVE-2009-0355

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2009-02-04 19:00:00

Last updated 2024-08-07 04:31:25

Assigner redhat

State PUBLISHED

Description

components/sessionstore/src/nsSessionStore.js in Mozilla Firefox before 3.0.6 does not block changes of INPUT elements to type="file" during tab restoration, which allows user-assisted remote attackers to read arbitrary files on a client machine via a crafted INPUT element.

← Browse all CVEs View on cve.org ↗