Cross-Domain File Disclosure Vulnerability in Firefox and Mozilla
CVE-2005-0588 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of files on the local system.
Learn more about our Web Application Penetration Testing UK.