Lucene search

[email protected]NVD:CVE-2009-1835

HistoryJun 12, 2009 - 9:30 p.m.

CVE-2009-1835

2009-06-1221:30:00

CWE-200

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.5%

JSON

Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate local documents with external domain names located after the file:// substring in a URL, which allows user-assisted remote attackers to read arbitrary cookies via a crafted HTML document, as demonstrated by a URL with file://example.com/C:/ at the beginning.

Affected configurations

NVD

Node

mozillafirefoxRange≤3.0.10

mozillafirefoxMatch0.1

mozillafirefoxMatch0.2

mozillafirefoxMatch0.3

mozillafirefoxMatch0.4

mozillafirefoxMatch0.5

mozillafirefoxMatch0.6

mozillafirefoxMatch0.6.1

mozillafirefoxMatch0.7

mozillafirefoxMatch0.7.1

mozillafirefoxMatch0.8

mozillafirefoxMatch0.9

mozillafirefoxMatch0.9rc

mozillafirefoxMatch0.9.1

mozillafirefoxMatch0.9.2

mozillafirefoxMatch0.9.3

mozillafirefoxMatch0.9_rc

mozillafirefoxMatch0.10

mozillafirefoxMatch0.10.1

mozillafirefoxMatch1.0

mozillafirefoxMatch1.0preview_release

mozillafirefoxMatch1.0.1

mozillafirefoxMatch1.0.2

mozillafirefoxMatch1.0.3

mozillafirefoxMatch1.0.4

mozillafirefoxMatch1.0.5

mozillafirefoxMatch1.0.6

mozillafirefoxMatch1.0.6linux

mozillafirefoxMatch1.0.7

mozillafirefoxMatch1.0.8

mozillafirefoxMatch1.4.1

mozillafirefoxMatch1.5

mozillafirefoxMatch1.5beta1

mozillafirefoxMatch1.5beta2

mozillafirefoxMatch1.5.0.1

mozillafirefoxMatch1.5.0.2

mozillafirefoxMatch1.5.0.3

mozillafirefoxMatch1.5.0.4

mozillafirefoxMatch1.5.0.5

mozillafirefoxMatch1.5.0.6

mozillafirefoxMatch1.5.0.7

mozillafirefoxMatch1.5.0.8

mozillafirefoxMatch1.5.0.9

mozillafirefoxMatch1.5.0.10

mozillafirefoxMatch1.5.0.11

mozillafirefoxMatch1.5.0.12

mozillafirefoxMatch1.5.1

mozillafirefoxMatch1.5.2

mozillafirefoxMatch1.5.3

mozillafirefoxMatch1.5.4

mozillafirefoxMatch1.5.5

mozillafirefoxMatch1.5.6

mozillafirefoxMatch1.5.7

mozillafirefoxMatch1.5.8

mozillafirefoxMatch1.8

mozillafirefoxMatch2.0

mozillafirefoxMatch2.0beta_1

mozillafirefoxMatch2.0beta1

mozillafirefoxMatch2.0rc2

mozillafirefoxMatch2.0rc3

mozillafirefoxMatch2.0.0.1

mozillafirefoxMatch2.0.0.2

mozillafirefoxMatch2.0.0.3

mozillafirefoxMatch2.0.0.4

mozillafirefoxMatch2.0.0.5

mozillafirefoxMatch2.0.0.6

mozillafirefoxMatch2.0.0.7

mozillafirefoxMatch2.0.0.8

mozillafirefoxMatch2.0.0.9

mozillafirefoxMatch2.0.0.10

mozillafirefoxMatch2.0.0.11

mozillafirefoxMatch2.0.0.12

mozillafirefoxMatch2.0.0.13

mozillafirefoxMatch2.0.0.14

mozillafirefoxMatch2.0.0.15

mozillafirefoxMatch2.0.0.16

mozillafirefoxMatch2.0.0.17

mozillafirefoxMatch2.0.0.18

mozillafirefoxMatch2.0.0.19

mozillafirefoxMatch2.0.0.20

mozillafirefoxMatch2.0.0.21

mozillafirefoxMatch2.0_.1

mozillafirefoxMatch2.0_.4

mozillafirefoxMatch2.0_.5

mozillafirefoxMatch2.0_.6

mozillafirefoxMatch2.0_.7

mozillafirefoxMatch2.0_.9

mozillafirefoxMatch2.0_.10

mozillafirefoxMatch2.0_8

mozillafirefoxMatch3.0

mozillafirefoxMatch3.0alpha

mozillafirefoxMatch3.0beta2

mozillafirefoxMatch3.0beta5

mozillafirefoxMatch3.0.1

mozillafirefoxMatch3.0.2

mozillafirefoxMatch3.0.3

mozillafirefoxMatch3.0.4

mozillafirefoxMatch3.0.5

mozillafirefoxMatch3.0.6

mozillafirefoxMatch3.0.7

mozillafirefoxMatch3.0.8

mozillafirefoxMatch3.0.9

mozillaseamonkeyRange≤1.1.16

mozillaseamonkeyMatch1.0

mozillaseamonkeyMatch1.0alpha

mozillaseamonkeyMatch1.0beta

mozillaseamonkeyMatch1.0dev

mozillaseamonkeyMatch1.0alpha

mozillaseamonkeyMatch1.0beta

mozillaseamonkeyMatch1.0.1

mozillaseamonkeyMatch1.0.3

mozillaseamonkeyMatch1.0.4

mozillaseamonkeyMatch1.0.6

mozillaseamonkeyMatch1.0.8

mozillaseamonkeyMatch1.0.9

mozillaseamonkeyMatch1.0.99

mozillaseamonkeyMatch1.1

mozillaseamonkeyMatch1.1alpha

mozillaseamonkeyMatch1.1beta

mozillaseamonkeyMatch1.1.1

mozillaseamonkeyMatch1.1.3

mozillaseamonkeyMatch1.1.5

mozillaseamonkeyMatch1.1.51.1.10

mozillaseamonkeyMatch1.1.6

mozillaseamonkeyMatch1.1.7

mozillaseamonkeyMatch1.1.8

mozillaseamonkeyMatch1.1.9

mozillaseamonkeyMatch1.1.10

mozillaseamonkeyMatch1.1.11

mozillaseamonkeyMatch1.1.12

mozillaseamonkeyMatch1.1.13

mozillaseamonkeyMatch1.1.15

References

osvdb.org/55161

rhn.redhat.com/errata/RHSA-2009-1096.html

secunia.com/advisories/35331

secunia.com/advisories/35415

secunia.com/advisories/35428

secunia.com/advisories/35431

secunia.com/advisories/35439

secunia.com/advisories/35468

secunia.com/advisories/35561

secunia.com/advisories/35882

slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468

slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408

sunsolve.sun.com/search/document.do?assetkey=1-26-265068-1

sunsolve.sun.com/search/document.do?assetkey=1-77-1020800.1-1

www.debian.org/security/2009/dsa-1820

www.mozilla.org/security/announce/2009/mfsa2009-26.html

www.securityfocus.com/bid/35326

www.securityfocus.com/bid/35391

www.vupen.com/english/advisories/2009/1572

www.vupen.com/english/advisories/2009/2152

bugzilla.mozilla.org/show_bug.cgi?id=491801

bugzilla.redhat.com/show_bug.cgi?id=503576

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9803

rhn.redhat.com/errata/RHSA-2009-1095.html

www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html

www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html

www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html

www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.5%

JSON

Related for NVD:CVE-2009-1835

cve1 mozilla1 securityvulns2 ubuntucve1 veracode1 prion1 cvelist1 oraclelinux2 openvas50 centos2 nessus28 redhat2 fedora41 osv1 debian1 freebsd1 suse1 ubuntu1 gentoo1