Firefox 1.5.0.3 Flaw - Page can obtain path to Mozilla installation or profile by examining JavaScript exceptions

2006.05.27
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-200


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

if the exception raises in some extension in the user profile and the page can catch path to the user profile and so a remote attacker will know the user login PoC: https://bugzilla.mozilla.org/attachment.cgi?id=164547


Vote for this issue:
50%
50%

Comment it here.

Copyright 2025, cxsecurity.com

 

Back to Top