CVE-2009-1307

2009-04-2200:00:00

ubuntu.com

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.5%

JSON

The view-source: URI implementation in Mozilla Firefox before 3.0.9,
Thunderbird, and SeaMonkey does not properly implement the Same Origin
Policy, which allows remote attackers to (1) bypass crossdomain.xml
restrictions and connect to arbitrary web sites via a Flash file; (2) read,
create, or modify Local Shared Objects via a Flash file; or (3) bypass
unspecified restrictions and render content via vectors involving a jar:
URI.

Notes

Author	Note
jdstrand	CVEs in Firefox are tracked in the xulrunner source packages. The mapping of xulrunner sources to firefox is: xulrunner (1.8.0): firefox (1.5) - Ubuntu 6.06 LTS xulrunner (1.8.1): firefox (2.0) - Ubuntu 6.10 - 8.04 LTS xulrunner-1.9: firefox-3.0 xulrunner-1.9.1: firefox-3.5 Ubuntu 6.06 LTS and 10.04 LTS uses the embedded xulrunner and not the system xulrunner-1.9.2, so it is tracked in the firefox source package.

Author

Note

jdstrand

CVEs in Firefox are tracked in the xulrunner source packages. The mapping of xulrunner sources to firefox is: xulrunner (1.8.0): firefox (1.5) - Ubuntu 6.06 LTS xulrunner (1.8.1): firefox (2.0) - Ubuntu 6.10 - 8.04 LTS xulrunner-1.9: firefox-3.0 xulrunner-1.9.1: firefox-3.5 Ubuntu 6.06 LTS and 10.04 LTS uses the embedded xulrunner and not the system xulrunner-1.9.2, so it is tracked in the firefox source package.

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchseamonkey< 1.1.17+nobinonly-0ubuntu0.8.04.1UNKNOWN
ubuntu8.10noarchseamonkey< 1.1.17+nobinonly-0ubuntu0.8.10.1UNKNOWN
ubuntu9.04noarchseamonkey< 1.1.17+nobinonly-0ubuntu0.9.04.1UNKNOWN
ubuntu9.10noarchseamonkey< 1.1.17+nobinonly-0ubuntu1UNKNOWN
ubuntu10.04noarchseamonkey< 1.1.17+nobinonly-0ubuntu1UNKNOWN
ubuntu10.10noarchseamonkey< 1.1.17+nobinonly-0ubuntu1UNKNOWN
ubuntu11.04noarchseamonkey< 1.1.17+nobinonly-0ubuntu1UNKNOWN
ubuntu11.10noarchseamonkey< 1.1.17+nobinonly-0ubuntu1UNKNOWN
ubuntu8.04noarchthunderbird< 2.0.0.22+build1+nobinonly-0ubuntu0.8.04.1UNKNOWN
ubuntu8.10noarchthunderbird< 2.0.0.22+build1+nobinonly-0ubuntu0.8.10.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	8.04	noarch	seamonkey	< 1.1.17+nobinonly-0ubuntu0.8.04.1	UNKNOWN
ubuntu	8.10	noarch	seamonkey	< 1.1.17+nobinonly-0ubuntu0.8.10.1	UNKNOWN
ubuntu	9.04	noarch	seamonkey	< 1.1.17+nobinonly-0ubuntu0.9.04.1	UNKNOWN
ubuntu	9.10	noarch	seamonkey	< 1.1.17+nobinonly-0ubuntu1	UNKNOWN
ubuntu	10.04	noarch	seamonkey	< 1.1.17+nobinonly-0ubuntu1	UNKNOWN
ubuntu	10.10	noarch	seamonkey	< 1.1.17+nobinonly-0ubuntu1	UNKNOWN
ubuntu	11.04	noarch	seamonkey	< 1.1.17+nobinonly-0ubuntu1	UNKNOWN
ubuntu	11.10	noarch	seamonkey	< 1.1.17+nobinonly-0ubuntu1	UNKNOWN
ubuntu	8.04	noarch	thunderbird	< 2.0.0.22+build1+nobinonly-0ubuntu0.8.04.1	UNKNOWN
ubuntu	8.10	noarch	thunderbird	< 2.0.0.22+build1+nobinonly-0ubuntu0.8.10.1	UNKNOWN