Vulnerabilities

CVE-2009-0355

by Fred · 04/02/2009

components/sessionstore/src/nsSessionStore.js in Mozilla Firefox before 3.0.6 does not block changes of INPUT elements to type="file" during tab restoration, which allows user-assisted remote attackers to read arbitrary files on a client machine via a crafted INPUT element.

Date published : 2009-02-04

http://www.securityfocus.com/bid/33598

http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm

Similar

Tags: Cybersecurity Alert