[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2009-1307

Date: (C)2009-04-22   (M)2017-10-04
 
CVSS Score: 6.8Access Vector: NETWORK
Exploitability Subscore: 8.6Access Complexity: MEDIUM
Impact Subscore: 6.4Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL











The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.

Reference:
SECTRACK-1022093
SUNALERT-264308
BID-34656
SECUNIA-34758
SECUNIA-34780
SECUNIA-34843
SECUNIA-34844
SECUNIA-34894
SECUNIA-35042
SECUNIA-35065
SECUNIA-35536
SECUNIA-35561
SECUNIA-35602
SECUNIA-35882
ADV-2009-1125
DSA-1797
DSA-1830
FEDORA-2009-3875
FEDORA-2009-7567
FEDORA-2009-7614
MDVSA-2009:111
MDVSA-2009:141
RHSA-2009:0436
RHSA-2009:0437
RHSA-2009:1125
RHSA-2009:1126
SSA:2009-176-01
SSA:2009-178-01
SUSE-SR:2009:010
USN-764-1
USN-782-1
http://www.mozilla.org/security/announce/2009/mfsa2009-17.html
https://bugzilla.mozilla.org/show_bug.cgi?id=481342

CPE    83
cpe:/a:mozilla:seamonkey
cpe:/a:mozilla:firefox:2.0.0.20
cpe:/a:mozilla:firefox:2.0.0.19
cpe:/a:mozilla:firefox:2.0.0.18
...
CWE    1
CWE-20
OVAL    68
oval:org.secpod.oval:def:600251
oval:org.mitre.oval:def:8036
oval:org.secpod.oval:def:300871
oval:org.secpod.oval:def:202130
...

© 2013 SecPod Technologies