You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2008-30

Mozilla Foundation Security Advisory 2008-30

Title: File location URL in directory listings not escaped properly
Impact: Low
Announced: July 1, 2008
Reporter: Masahiro Yamada
Products: Firefox, SeaMonkey

Fixed in: Firefox 2.0.0.15
  SeaMonkey 1.1.10

Description

Mozilla contributor Masahiro Yamada reported that file URLs in directory listings were not being HTML escaped properly when the filenames contained particular characters. This resulted in files from directory listings being opened in unintended ways or files not being able to be opened by the browser altogether.

References