Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0354

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2009-0354
Last Modified 12 Sep 2011 11:00:09
Published 04 Feb 2009 02:30:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2009-0354

Summary

Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site scripting (XSS) attacks, via vectors involving a chrome XBL method and the window.eval function.

Vulnerable Systems

Application

  • Mozilla Firefox 3.0

  • Mozilla Firefox 3.0.1

  • Mozilla Firefox 3.0.2

  • Mozilla Firefox 3.0.3

  • Mozilla Firefox 3.0.4

  • Mozilla Firefox 3.0.5


References

FEDORA - FEDORA-2009-1399

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=468581

VUPEN - ADV-2009-0313

UBUNTU - USN-717-1

SECTRACK - 1021664

BID - 33598

CONFIRM - http://www.mozilla.org/security/announce/2009/mfsa2009-02.html

MANDRIVA - MDVSA-2009:044

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm

SECUNIA - 33869

SECUNIA - 33846

SECUNIA - 33841

SECUNIA - 33831

SECUNIA - 33809

SECUNIA - 33799

REDHAT - RHSA-2009:0256

SUSE - SUSE-SA:2009:009


Last Updated: 27 May 2016 10:50:12