[Forgot Password]
Login  Register Subscribe

24128

 
 

131615

 
 

112965

 
 

909

 
 

87854

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2009-1307Date: (C)2009-04-22   (M)2018-06-20


The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.8
Exploit Score: 8.6
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1022093
SUNALERT-264308
BID-34656
SECUNIA-34758
SECUNIA-34780
SECUNIA-34843
SECUNIA-34844
SECUNIA-34894
SECUNIA-35042
SECUNIA-35065
SECUNIA-35536
SECUNIA-35561
SECUNIA-35602
SECUNIA-35882
ADV-2009-1125
DSA-1797
DSA-1830
FEDORA-2009-3875
FEDORA-2009-7567
FEDORA-2009-7614
MDVSA-2009:111
MDVSA-2009:141
RHSA-2009:0436
RHSA-2009:0437
RHSA-2009:1125
RHSA-2009:1126
SSA:2009-176-01
SSA:2009-178-01
SUSE-SR:2009:010
USN-764-1
USN-782-1
http://www.mozilla.org/security/announce/2009/mfsa2009-17.html
https://bugzilla.mozilla.org/show_bug.cgi?id=481342

CPE    83
cpe:/a:mozilla:seamonkey
cpe:/a:mozilla:thunderbird
cpe:/a:mozilla:firefox:1.5:beta2
cpe:/a:mozilla:firefox:1.5:beta1
...
CWE    1
CWE-20
OVAL    68
oval:org.secpod.oval:def:202034
oval:org.secpod.oval:def:101698
oval:org.secpod.oval:def:202714
oval:org.secpod.oval:def:101694
...

© SecPod Technologies