CVE-2009-1307
N/A
N/A
Summary
The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.mozilla.org/security/announce/2009/mfsa2009-17.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:111
- https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6154
- http://secunia.com/advisories/34894
- http://www.vupen.com/english/advisories/2009/1125
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.454275
- http://www.debian.org/security/2009/dsa-1830
- http://secunia.com/advisories/34758
- http://secunia.com/advisories/35536
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10972
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7008
- http://secunia.com/advisories/35602
- http://www.redhat.com/support/errata/RHSA-2009-1125.html
- https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html
- http://secunia.com/advisories/34844
- http://www.ubuntu.com/usn/usn-782-1
- http://secunia.com/advisories/35065
- http://www.securitytracker.com/id?1022093
- https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html
- http://secunia.com/advisories/35882
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6266
- https://usn.ubuntu.com/764-1/
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:141
- http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5933
- http://secunia.com/advisories/35042
- http://www.securityfocus.com/bid/34656
- http://secunia.com/advisories/34843
- http://www.debian.org/security/2009/dsa-1797
- http://secunia.com/advisories/35561
- http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408
- http://rhn.redhat.com/errata/RHSA-2009-0437.html
- http://www.redhat.com/support/errata/RHSA-2009-0436.html
- http://www.redhat.com/support/errata/RHSA-2009-1126.html
- http://secunia.com/advisories/34780
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=481342
References
- http://www.mozilla.org/security/announce/2009/mfsa2009-17.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:111
- https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6154
- http://secunia.com/advisories/34894
- http://www.vupen.com/english/advisories/2009/1125
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.454275
- http://www.debian.org/security/2009/dsa-1830
- http://secunia.com/advisories/34758
- http://secunia.com/advisories/35536
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10972
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7008
- http://secunia.com/advisories/35602
- http://www.redhat.com/support/errata/RHSA-2009-1125.html
- https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html
- http://secunia.com/advisories/34844
- http://www.ubuntu.com/usn/usn-782-1
- http://secunia.com/advisories/35065
- http://www.securitytracker.com/id?1022093
- https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html
- http://secunia.com/advisories/35882
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6266
- https://usn.ubuntu.com/764-1/
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:141
- http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5933
- http://secunia.com/advisories/35042
- http://www.securityfocus.com/bid/34656
- http://secunia.com/advisories/34843
- http://www.debian.org/security/2009/dsa-1797
- http://secunia.com/advisories/35561
- http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408
- http://rhn.redhat.com/errata/RHSA-2009-0437.html
- http://www.redhat.com/support/errata/RHSA-2009-0436.html
- http://www.redhat.com/support/errata/RHSA-2009-1126.html
- http://secunia.com/advisories/34780
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=481342
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.