Lucene search

PRIOn knowledge basePRION:CVE-2009-1307

HistoryApr 22, 2009 - 6:30 p.m.

Design/Logic Flaw

2009-04-2218:30:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.4%

JSON

The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.

CPENameOperatorVersion
firefoxeq0.1
firefoxeq0.9.0-rc
firefoxeq0.8
firefoxeq2.0.0.12
firefoxeq1.5 beta2
firefoxeq3.0.7
firefoxeq1.5.2
firefoxeq1.5.0.6
firefoxeq1.8
firefoxeq2.0.0.2

Name	Operator	Version
firefox	eq	0.1
firefox	eq	0.9.0-rc
firefox	eq	0.8
firefox	eq	2.0.0.12
firefox	eq	1.5 beta2
firefox	eq	3.0.7
firefox	eq	1.5.2
firefox	eq	1.5.0.6
firefox	eq	1.8
firefox	eq	2.0.0.2

Rows per page:

1-10 of 921

References

lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html

rhn.redhat.com/errata/RHSA-2009-0437.html

secunia.com/advisories/34758

secunia.com/advisories/34780

secunia.com/advisories/34843

secunia.com/advisories/34844

secunia.com/advisories/34894

secunia.com/advisories/35042

secunia.com/advisories/35065

secunia.com/advisories/35536

secunia.com/advisories/35561

secunia.com/advisories/35602

secunia.com/advisories/35882

slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408

sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1

www.debian.org/security/2009/dsa-1797

www.debian.org/security/2009/dsa-1830

www.mandriva.com/security/advisories?name=MDVSA-2009:111

www.mandriva.com/security/advisories?name=MDVSA-2009:141

www.mozilla.org/security/announce/2009/mfsa2009-17.html

www.redhat.com/support/errata/RHSA-2009-0436.html

www.redhat.com/support/errata/RHSA-2009-1125.html

www.redhat.com/support/errata/RHSA-2009-1126.html

www.securityfocus.com/bid/34656

www.securitytracker.com/id?1022093

www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.454275

www.ubuntu.com/usn/usn-782-1

www.vupen.com/english/advisories/2009/1125

bugzilla.mozilla.org/show_bug.cgi?id=481342

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10972

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5933

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6154

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6266

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7008

usn.ubuntu.com/764-1/

www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html

www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html

www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html

7.2 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.4%

JSON

Related for PRION:CVE-2009-1307