CVE-2009-1307
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
88.7%
The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mozilla | firefox | * | cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* |
| mozilla | firefox | 0.1 | cpe:2.3:a:mozilla:firefox:0.1:*:*:*:*:*:*:* |
| mozilla | firefox | 0.2 | cpe:2.3:a:mozilla:firefox:0.2:*:*:*:*:*:*:* |
| mozilla | firefox | 0.3 | cpe:2.3:a:mozilla:firefox:0.3:*:*:*:*:*:*:* |
| mozilla | firefox | 0.4 | cpe:2.3:a:mozilla:firefox:0.4:*:*:*:*:*:*:* |
| mozilla | firefox | 0.5 | cpe:2.3:a:mozilla:firefox:0.5:*:*:*:*:*:*:* |
| mozilla | firefox | 0.6 | cpe:2.3:a:mozilla:firefox:0.6:*:*:*:*:*:*:* |
| mozilla | firefox | 0.6.1 | cpe:2.3:a:mozilla:firefox:0.6.1:*:*:*:*:*:*:* |
| mozilla | firefox | 0.7 | cpe:2.3:a:mozilla:firefox:0.7:*:*:*:*:*:*:* |
| mozilla | firefox | 0.7.1 | cpe:2.3:a:mozilla:firefox:0.7.1:*:*:*:*:*:*:* |
References
lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
rhn.redhat.com/errata/RHSA-2009-0437.html
secunia.com/advisories/34758
secunia.com/advisories/34780
secunia.com/advisories/34843
secunia.com/advisories/34844
secunia.com/advisories/34894
secunia.com/advisories/35042
secunia.com/advisories/35065
secunia.com/advisories/35536
secunia.com/advisories/35561
secunia.com/advisories/35602
secunia.com/advisories/35882
slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408
sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
www.debian.org/security/2009/dsa-1797
www.debian.org/security/2009/dsa-1830
www.mandriva.com/security/advisories?name=MDVSA-2009:111
www.mandriva.com/security/advisories?name=MDVSA-2009:141
www.mozilla.org/security/announce/2009/mfsa2009-17.html
www.redhat.com/support/errata/RHSA-2009-0436.html
www.redhat.com/support/errata/RHSA-2009-1125.html
www.redhat.com/support/errata/RHSA-2009-1126.html
www.securityfocus.com/bid/34656
www.securitytracker.com/id?1022093
www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.454275
www.ubuntu.com/usn/usn-782-1
www.vupen.com/english/advisories/2009/1125
bugzilla.mozilla.org/show_bug.cgi?id=481342
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10972
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5933
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6154
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6266
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7008
usn.ubuntu.com/764-1/
www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html
www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html
www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
88.7%