[Forgot Password]
Login  Register Subscribe

24003

 
 

131425

 
 

103942

 
 

909

 
 

84057

 
 

133

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2009-1307Date: (C)2009-04-22   (M)2017-10-04


The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : CVSS Score : 6.8
Exploit Score: Exploit Score: 8.6
Impact Score: Impact Score: 6.4
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: Access Vector: NETWORK
Attack Complexity: Access Complexity: MEDIUM
Privileges Required: Authentication: NONE
User Interaction: Confidentiality: PARTIAL
Scope: Integrity: PARTIAL
Confidentiality: Availability: PARTIAL
Integrity:  
Availability:  
  
Reference:
SECTRACK-1022093
SUNALERT-264308
BID-34656
SECUNIA-34758
SECUNIA-34780
SECUNIA-34843
SECUNIA-34844
SECUNIA-34894
SECUNIA-35042
SECUNIA-35065
SECUNIA-35536
SECUNIA-35561
SECUNIA-35602
SECUNIA-35882
ADV-2009-1125
DSA-1797
DSA-1830
FEDORA-2009-3875
FEDORA-2009-7567
FEDORA-2009-7614
MDVSA-2009:111
MDVSA-2009:141
RHSA-2009:0436
RHSA-2009:0437
RHSA-2009:1125
RHSA-2009:1126
SSA:2009-176-01
SSA:2009-178-01
SUSE-SR:2009:010
USN-764-1
USN-782-1
http://www.mozilla.org/security/announce/2009/mfsa2009-17.html
https://bugzilla.mozilla.org/show_bug.cgi?id=481342

CPE    83
cpe:/a:mozilla:firefox:1.5:beta2
cpe:/a:mozilla:firefox:1.5:beta1
cpe:/a:mozilla:firefox:0.8
cpe:/a:mozilla:firefox:0.7
...
CWE    1
CWE-20
OVAL    68
oval:org.secpod.oval:def:300871
oval:org.secpod.oval:def:202130
oval:org.mitre.oval:def:5933
oval:org.secpod.oval:def:500513
...

© 2013 SecPod Technologies