Lucene search

K

PRIOn knowledge basePRION:CVE-2009-1306

HistoryApr 22, 2009 - 6:30 p.m.

Cross site scripting

2009-04-2218:30:00

PRIOn knowledge base

www.prio-n.com

3

6.1 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.0%

The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a “Content-Disposition: attachment” designation.

CPENameOperatorVersion
firefoxeq0.1
firefoxeq0.9.0-rc
firefoxeq0.8
firefoxeq2.0.0.12
firefoxeq1.5 beta2
firefoxeq2.0.7
firefoxeq3.0.7
firefoxeq1.5.2
firefoxeq1.5.0.6
firefoxeq1.8

Rows per page:

1-10 of 1001

References

lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html

rhn.redhat.com/errata/RHSA-2009-0437.html

secunia.com/advisories/34758

secunia.com/advisories/34780

secunia.com/advisories/34843

secunia.com/advisories/34844

secunia.com/advisories/34894

secunia.com/advisories/35042

secunia.com/advisories/35065

secunia.com/advisories/35536

sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1

www.debian.org/security/2009/dsa-1797

www.mandriva.com/security/advisories?name=MDVSA-2009:111

www.mandriva.com/security/advisories?name=MDVSA-2009:141

www.mozilla.org/security/announce/2009/mfsa2009-16.html

www.redhat.com/support/errata/RHSA-2009-0436.html

www.redhat.com/support/errata/RHSA-2009-1125.html

www.redhat.com/support/errata/RHSA-2009-1126.html

www.securityfocus.com/bid/34656

www.securitytracker.com/id?1022095

www.ubuntu.com/usn/usn-782-1

www.vupen.com/english/advisories/2009/1125

bugzilla.mozilla.org/show_bug.cgi?id=474536

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10150

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6021

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6194

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6312

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6710

usn.ubuntu.com/764-1/

www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html

6.1 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.0%

Related for PRION:CVE-2009-1306

securityvulns2 ubuntucve1 veracode1 cve1 mozilla1 openvas65 oraclelinux3 nessus24 centos4 redhat4 osv1 freebsd1 ubuntu2 debian1 fedora39 gentoo1