CVE-2009-0355
components/sessionstore/src/nsSessionStore.js in Mozilla Firefox before 3.0.6 does not block changes of INPUT elements to type="file" during tab restoration, which allows user-assisted remote attackers to read arbitrary files on a client machine via a crafted INPUT element.
Learn more about our Cis Benchmark Audit For Mozilla Firefox.
Learn more about our Cis Benchmark Audit For Mozilla Firefox.