PT-2008-6929 · Mozilla · Firefox+1
Published: 1970-01-01 · Updated: 2018-10-30 · CVE-2008-4582
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Mozilla Firefox versions 3.0.1 through 3.0.3
Mozilla Firefox 2.x before 2.0.0.18
SeaMonkey 1.x before 1.1.13
Description
The issue allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via an HTML document that is directly accessible through a filesystem. This can be demonstrated by documents in local folders, Windows share folders, and RAR archives, as well as by IFRAMEs referencing shortcuts that point to specific about:cache pages.
Recommendations
For Mozilla Firefox versions 3.0.1 through 3.0.3, update to a version outside of this range to resolve the issue.
For Mozilla Firefox 2.x before 2.0.0.18, update to version 2.0.0.18 or later to resolve the issue.
For SeaMonkey 1.x before 1.1.13, update to version 1.1.13 or later to resolve the issue.
As a temporary workaround, consider restricting access to HTML documents in local folders, Windows share folders, and RAR archives to minimize the risk of exploitation.
Avoid using IFRAMEs that reference shortcuts pointing to about:cache?device=memory and about:cache?device=disk until the issue is resolved.
Exploit
Fix
Buffer Overflow
Related Identifiers
Affected Products
Firefox
Seamonkey