CVE-2009-1307 Information

Description

The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.

Reference

http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
http://rhn.redhat.com/errata/RHSA-2009-0437.html
http://secunia.com/advisories/34758
http://secunia.com/advisories/34780
http://secunia.com/advisories/34843
http://secunia.com/advisories/34844
http://secunia.com/advisories/34894
http://secunia.com/advisories/35042
http://secunia.com/advisories/35065
http://secunia.com/advisories/35536
http://secunia.com/advisories/35561
http://secunia.com/advisories/35602
http://secunia.com/advisories/35882
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
http://www.debian.org/security/2009/dsa-1797
http://www.debian.org/security/2009/dsa-1830
http://www.mandriva.com/security/advisories?name=MDVSA-2009:111
http://www.mandriva.com/security/advisories?name=MDVSA-2009:141
http://www.mozilla.org/security/announce/2009/mfsa2009-17.html
http://www.redhat.com/support/errata/RHSA-2009-0436.html
http://www.redhat.com/support/errata/RHSA-2009-1125.html
http://www.redhat.com/support/errata/RHSA-2009-1126.html
http://www.securityfocus.com/bid/34656
http://www.securitytracker.com/id?1022093
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.454275
http://www.ubuntu.com/usn/usn-782-1
http://www.vupen.com/english/advisories/2009/1125
https://bugzilla.mozilla.org/show_bug.cgi?id=481342
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10972
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A5933
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A6154
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A6266
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A7008
https://usn.ubuntu.com/764-1/
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html
