[Forgot Password]
Login  Register Subscribe

23631

 
 

126951

 
 

99602

 
 

909

 
 

80198

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2009-1307

Date: (C)2009-04-22   (M)2017-11-18 


The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.

CVSS Score: 6.8Access Vector: NETWORK
Exploit Score: 8.6Access Complexity: MEDIUM
Impact Score: 6.4Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL





Reference:
SECTRACK-1022093
SUNALERT-264308
BID-34656
SECUNIA-34758
SECUNIA-34780
SECUNIA-34843
SECUNIA-34844
SECUNIA-34894
SECUNIA-35042
SECUNIA-35065
SECUNIA-35536
SECUNIA-35561
SECUNIA-35602
SECUNIA-35882
ADV-2009-1125
DSA-1797
DSA-1830
FEDORA-2009-3875
FEDORA-2009-7567
FEDORA-2009-7614
MDVSA-2009:111
MDVSA-2009:141
RHSA-2009:0436
RHSA-2009:0437
RHSA-2009:1125
RHSA-2009:1126
SSA:2009-176-01
SSA:2009-178-01
SUSE-SR:2009:010
USN-764-1
USN-782-1
http://www.mozilla.org/security/announce/2009/mfsa2009-17.html
https://bugzilla.mozilla.org/show_bug.cgi?id=481342

CPE    83
cpe:/a:mozilla:thunderbird
cpe:/a:mozilla:seamonkey
cpe:/a:mozilla:firefox:1.5:beta2
cpe:/a:mozilla:firefox:1.5:beta1
...
CWE    1
CWE-20
OVAL    68
oval:org.secpod.oval:def:300871
oval:org.secpod.oval:def:202130
oval:org.mitre.oval:def:5933
oval:org.secpod.oval:def:500513
...

© 2013 SecPod Technologies