Cross-Domain File Disclosure Vulnerability in Firefox and Mozilla

Cross-Domain File Disclosure Vulnerability in Firefox and Mozilla

CVE-2005-0588 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of files on the local system.

Learn more about our Web Application Penetration Testing UK.