CVE-2008-2808

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename.

🔗 References (88)

• secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html
• secalert@redhathttp://rhn.redhat.com/errata/RHSA-2008-0616.html
• secalert@redhathttp://secunia.com/advisories/30878
• secalert@redhathttp://secunia.com/advisories/30898
• secalert@redhathttp://secunia.com/advisories/30903
• secalert@redhathttp://secunia.com/advisories/30911
• secalert@redhathttp://secunia.com/advisories/30949
• secalert@redhathttp://secunia.com/advisories/31005
• secalert@redhathttp://secunia.com/advisories/31008
• secalert@redhathttp://secunia.com/advisories/31021
• secalert@redhathttp://secunia.com/advisories/31023
• secalert@redhathttp://secunia.com/advisories/31069
• secalert@redhathttp://secunia.com/advisories/31076
• secalert@redhathttp://secunia.com/advisories/31183
• secalert@redhathttp://secunia.com/advisories/31195