Upstream information
Description
components/sessionstore/src/nsSessionStore.js in Mozilla Firefox before 3.0.6 does not block changes of INPUT elements to type="file" during tab restoration, which allows user-assisted remote attackers to read arbitrary files on a client machine via a crafted INPUT element.NVD CVSS v2 Base Score: 5.4 (AV:N/AC:H/Au:N/C:C/I:N/A:N)
Novell/SUSE information
Novell Bugzilla entry: 470074 SUSE Security Advisories:- SUSE-SA:2009:009, published Mon, 16 Feb 2009 10:00:00 +0000
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|