Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.8
CVE Id CVE-2009-1307
Last Modified 21 Aug 2010 01:31:49
Published 22 Apr 2009 02:30:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-1307

Summary

The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.

Vulnerable Systems

Application

  • Mozilla Firefox 0.1

  • Mozilla Firefox 0.10

  • Mozilla Firefox 0.10.1

  • Mozilla Firefox 0.2

  • Mozilla Firefox 0.3

  • Mozilla Firefox 0.4

  • Mozilla Firefox 0.5

  • Mozilla Firefox 0.6

  • Mozilla Firefox 0.6.1

  • Mozilla Firefox 0.7

  • Mozilla Firefox 0.7.1

  • Mozilla Firefox 0.8

  • Mozilla Firefox 0.9

  • Mozilla Firefox 0.9 Rc

  • Mozilla Firefox 0.9.1

  • Mozilla Firefox 0.9.2

  • Mozilla Firefox 0.9.3

  • Mozilla Firefox 1.0

  • Mozilla Firefox 1.0.1

  • Mozilla Firefox 1.0.2

  • Mozilla Firefox 1.0.3

  • Mozilla Firefox 1.0.4

  • Mozilla Firefox 1.0.5

  • Mozilla Firefox 1.0.6

  • Mozilla Firefox 1.0.7

  • Mozilla Firefox 1.0.8

  • Mozilla Firefox 1.5

  • Mozilla Firefox 1.5.0.1

  • Mozilla Firefox 1.5.0.10

  • Mozilla Firefox 1.5.0.11

  • Mozilla Firefox 1.5.0.12

  • Mozilla Firefox 1.5.0.2

  • Mozilla Firefox 1.5.0.3

  • Mozilla Firefox 1.5.0.4

  • Mozilla Firefox 1.5.0.5

  • Mozilla Firefox 1.5.0.6

  • Mozilla Firefox 1.5.0.7

  • Mozilla Firefox 1.5.0.8

  • Mozilla Firefox 1.5.0.9

  • Mozilla Firefox 1.5.1

  • Mozilla Firefox 1.5.2

  • Mozilla Firefox 1.5.3

  • Mozilla Firefox 1.5.4

  • Mozilla Firefox 1.5.5

  • Mozilla Firefox 1.5.6

  • Mozilla Firefox 1.5.7

  • Mozilla Firefox 1.5.8

  • Mozilla Firefox 1.8

  • Mozilla Firefox 2.0

  • Mozilla Firefox 2.0.0.1

  • Mozilla Firefox 2.0.0.10

  • Mozilla Firefox 2.0.0.11

  • Mozilla Firefox 2.0.0.12

  • Mozilla Firefox 2.0.0.13

  • Mozilla Firefox 2.0.0.14

  • Mozilla Firefox 2.0.0.15

  • Mozilla Firefox 2.0.0.16

  • Mozilla Firefox 2.0.0.17

  • Mozilla Firefox 2.0.0.18

  • Mozilla Firefox 2.0.0.19

  • Mozilla Firefox 2.0.0.2

  • Mozilla Firefox 2.0.0.20

  • Mozilla Firefox 2.0.0.21

  • Mozilla Firefox 2.0.0.3

  • Mozilla Firefox 2.0.0.4

  • Mozilla Firefox 2.0.0.5

  • Mozilla Firefox 2.0.0.6

  • Mozilla Firefox 2.0.0.7

  • Mozilla Firefox 2.0.0.8

  • Mozilla Firefox 2.0.0.9

  • Mozilla Firefox 3.0

  • Mozilla Firefox 3.0.1

  • Mozilla Firefox 3.0.2

  • Mozilla Firefox 3.0.3

  • Mozilla Firefox 3.0.4

  • Mozilla Firefox 3.0.5

  • Mozilla Firefox 3.0.6

  • Mozilla Firefox 3.0.7

  • Mozilla Firefox 3.0.8

  • Mozilla Firefox 3.0beta5

  • Mozilla SeaMonkey

  • Mozilla Thunderbird


References

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=481342

FEDORA - FEDORA-2009-7614

FEDORA - FEDORA-2009-7567

FEDORA - FEDORA-2009-3875

VUPEN - ADV-2009-1125

UBUNTU - USN-764-1

UBUNTU - USN-782-1

SLACKWARE - SSA:2009-178-01

SECTRACK - 1022093

BID - 34656

REDHAT - RHSA-2009:1126

REDHAT - RHSA-2009:1125

REDHAT - RHSA-2009:0436

CONFIRM - http://www.mozilla.org/security/announce/2009/mfsa2009-17.html

MANDRIVA - MDVSA-2009:141

MANDRIVA - MDVSA-2009:111

DEBIAN - DSA-1830

DEBIAN - DSA-1797

SUNALERT - 264308

SLACKWARE - SSA:2009-176-01

SECUNIA - 35882

SECUNIA - 35602

SECUNIA - 35561

SECUNIA - 35536

SECUNIA - 35065

SECUNIA - 35042

SECUNIA - 34894

SECUNIA - 34844

SECUNIA - 34843

SECUNIA - 34780

SECUNIA - 34758

REDHAT - RHSA-2009:0437

SUSE - SUSE-SR:2009:010


Last Updated: 27 May 2016 10:50:32