ubuntucve | Ubuntu.com | UB:CVE-2009-0357
History: Feb 04, 2009 - 12:00 a.m.

CVE-2009-0357


CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS: 0.005 Low
Percentile: 75.4%

Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly
restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2
HTTP response headers, which allows remote attackers to obtain sensitive
information from cookies via XMLHttpRequest calls, related to the HTTPOnly
protection mechanism.

Notes

Author Note

jdstrand: CVEs in Firefox are tracked in the xulrunner source packages. The mapping of xulrunner sources to firefox is:

xulrunner (1.8.0): firefox (1.5) - Ubuntu 6.06 LTS
xulrunner (1.8.1): firefox (2.0) - Ubuntu 6.10 - 8.04 LTS
xulrunner-1.9: firefox-3.0
xulrunner-1.9.1: firefox-3.5

Ubuntu 6.06 LTS and 10.04 LTS use the embedded xulrunner and not the system xulrunner-1.9.2, so it is tracked in the firefox source package.

| OS | OS Version | Architecture | Package | Package Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 6.06 | noarch | firefox | < 1.5.dfsg+1.5.0.15~prepatch080614j-0ubuntu1 | UNKNOWN |
| ubuntu | 7.10 | noarch | firefox | < 2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1 | UNKNOWN |
| ubuntu | 8.04 | noarch | seamonkey | < 1.1.15+nobinonly-0ubuntu0.8.04.2 | UNKNOWN |
| ubuntu | 8.10 | noarch | seamonkey | < 1.1.15+nobinonly-0ubuntu0.8.10.2 | UNKNOWN |
| ubuntu | 9.04 | noarch | seamonkey | < 1.1.15+nobinonly-0ubuntu2 | UNKNOWN |
| ubuntu | 9.10 | noarch | seamonkey | < 1.1.15+nobinonly-0ubuntu2 | UNKNOWN |
| ubuntu | 10.04 | noarch | seamonkey | < 1.1.15+nobinonly-0ubuntu2 | UNKNOWN |
| ubuntu | 10.10 | noarch | seamonkey | < 1.1.15+nobinonly-0ubuntu2 | UNKNOWN |
| ubuntu | 11.04 | noarch | seamonkey | < 1.1.15+nobinonly-0ubuntu2 | UNKNOWN |
| ubuntu | 7.10 | noarch | xulrunner | < 1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.7.10.1 | UNKNOWN |