Lucene search

K

PRIOn knowledge basePRION:CVE-2009-1309

HistoryApr 22, 2009 - 6:30 p.m.

Cross site scripting

2009-04-2218:30:00

PRIOn knowledge base

www.prio-n.com

5

6.1 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.009 Low

EPSS

Percentile

82.3%

Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document’s principal, and (2) XPCNativeWrapper.toString, involving an incorrect proto scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document.

CPENameOperatorVersion
firefoxeq0.1
firefoxeq0.9.0-rc
firefoxeq0.8
firefoxeq2.0.0.12
firefoxeq1.5 beta2
firefoxeq2.0.7
firefoxeq3.0.7
firefoxeq1.5.2
firefoxeq1.5.0.6
firefoxeq1.8

Rows per page:

1-10 of 1001

References

lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html

rhn.redhat.com/errata/RHSA-2009-0437.html

secunia.com/advisories/34758

secunia.com/advisories/34780

secunia.com/advisories/34843

secunia.com/advisories/34844

secunia.com/advisories/34894

secunia.com/advisories/35042

secunia.com/advisories/35065

secunia.com/advisories/35536

sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1

www.debian.org/security/2009/dsa-1797

www.mandriva.com/security/advisories?name=MDVSA-2009:111

www.mandriva.com/security/advisories?name=MDVSA-2009:141

www.mozilla.org/security/announce/2009/mfsa2009-19.html

www.redhat.com/support/errata/RHSA-2009-0436.html

www.redhat.com/support/errata/RHSA-2009-1125.html

www.redhat.com/support/errata/RHSA-2009-1126.html

www.securityfocus.com/bid/34656

www.securitytracker.com/id?1022094

www.ubuntu.com/usn/usn-782-1

www.vupen.com/english/advisories/2009/1125

bugzilla.mozilla.org/show_bug.cgi?id=478433

bugzilla.mozilla.org/show_bug.cgi?id=482206

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5265

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5591

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6139

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6831

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9494

usn.ubuntu.com/764-1/

www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html

6.1 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.009 Low

EPSS

Percentile

82.3%

Related for PRION:CVE-2009-1309

securityvulns2 mozilla1 ubuntucve1 cve1 veracode1 openvas69 oraclelinux3 nessus29 redhat4 centos4 debian1 osv1 freebsd1 ubuntu2 fedora39 gentoo1