Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-1839

Overview

Vulnerability Score 5.4 5.4
CVE Id CVE-2009-1839
Last Modified 21 Aug 2010 01:32:46
Published 12 Jun 2009 05:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2009-1839

Summary

Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with a file: URL loaded through the location bar, which allows user-assisted remote attackers to bypass intended access restrictions and read files via a crafted HTML document, aka a "file-URL-to-file-URL scripting" attack.

Vulnerable Systems

Application

  • Mozilla Firefox 3.0

  • Mozilla Firefox 3.0.1

  • Mozilla Firefox 3.0.10

  • Mozilla Firefox 3.0.2

  • Mozilla Firefox 3.0.3

  • Mozilla Firefox 3.0.4

  • Mozilla Firefox 3.0.5

  • Mozilla Firefox 3.0.6

  • Mozilla Firefox 3.0.7

  • Mozilla Firefox 3.0.8

  • Mozilla Firefox 3.0.9

  • Mozilla Firefox 3.0beta5

  • Mozilla Firefox 3.1


References

VUPEN - ADV-2009-1572

BID - 35326

FEDORA - FEDORA-2009-6411

FEDORA - FEDORA-2009-6366

REDHAT - RHSA-2009:1095

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=503581

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=479943

BID - 35386

CONFIRM - http://www.mozilla.org/security/announce/2009/mfsa2009-30.html

DEBIAN - DSA-1820

SUNALERT - 264308

SLACKWARE - SSA:2009-167-01

SECUNIA - 35468

SECUNIA - 35431

SECUNIA - 35415

SECUNIA - 35331

OSVDB - 55163


Last Updated: 27 May 2016 10:50:42