CVE-2009-1307

medium

Description

The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.
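The common thread in all three vectors is that content reached through a nesting scheme (view-source:, jar:) must be attributed to the origin of the URI it wraps; an origin computation that stops at the outer scheme has no host to compare and so cannot enforce the Same Origin Policy or a crossdomain.xml policy for it. The following is an added illustrative example, not code from Mozilla or from any of the referenced advisories; the function names (unwrapNestedUri, effectiveOrigin, naiveOrigin, sameOrigin), the nesting depth limit and the sample hostnames are assumptions chosen for the demonstration. It contrasts a naive origin (what the WHATWG URL parser reports for a non-special outer scheme) with an origin derived from the innermost http(s) URI.

```javascript
// Added example (not Mozilla's code): derive the effective security origin of
// a URI that may be wrapped in nesting schemes such as view-source: or jar:.
// Rule demonstrated: the wrapped content belongs to the *inner* URI's origin.

const NESTING_SCHEMES = ["view-source", "jar"]; // assumed set for this example
const MAX_NESTING = 4; // assumed guard against view-source:view-source:... chains

// Peel nesting schemes and return the innermost URI, or null if malformed or
// nested too deeply (treated as untrusted rather than guessed at).
function unwrapNestedUri(uri) {
  let current = uri;
  for (let depth = 0; depth <= MAX_NESTING; depth++) {
    const m = /^([a-z][a-z0-9+.-]*):(.*)$/is.exec(current);
    if (!m) return null;
    const scheme = m[1].toLowerCase();
    if (!NESTING_SCHEMES.includes(scheme)) return current;
    let inner = m[2];
    if (scheme === "jar") {
      // jar:<archive-uri>!/<entry-path>: the archive URI decides the origin
      const bang = inner.indexOf("!/");
      if (bang < 0) return null;
      inner = inner.slice(0, bang);
    }
    current = inner;
  }
  return null;
}

// Effective origin as "scheme://host[:port]", or "null" for an opaque origin.
// Only http and https inner URIs yield a comparable origin here.
function effectiveOrigin(uri) {
  const inner = unwrapNestedUri(uri);
  if (inner === null) return "null";
  let parsed;
  try { parsed = new URL(inner); } catch { return "null"; }
  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") return "null";
  return parsed.origin;
}

// Naive origin: what a check sees if it parses only the outer URI. For a
// non-special scheme like view-source: the WHATWG parser reports "null".
function naiveOrigin(uri) {
  try { return new URL(uri).origin; } catch { return "null"; }
}

// Same-origin decision based on the effective (unwrapped) origins; an opaque
// origin never matches anything, including itself.
function sameOrigin(a, b) {
  const oa = effectiveOrigin(a);
  const ob = effectiveOrigin(b);
  return oa !== "null" && oa === ob;
}

// Constructed sample inputs for the demonstration.
const SAMPLES = [
  "view-source:http://attacker.example/evil.html",
  "jar:https://victim.example/app.jar!/index.html",
  "view-source:jar:https://victim.example/app.jar!/index.html",
];
for (const s of SAMPLES) {
  console.log(`${s}\n  naive=${naiveOrigin(s)}  effective=${effectiveOrigin(s)}`);
}
```

The depth limit and the rejection of non-http(s) inner URIs are deliberate: a wrapper that cannot be resolved to a concrete host is given an opaque origin that matches nothing, which is the safe default for a policy check such as crossdomain.xml or Local Shared Object scoping.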

References

http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html

http://rhn.redhat.com/errata/RHSA-2009-0437.html

https://bugzilla.mozilla.org/show_bug.cgi?id=481342

http://secunia.com/advisories/34758

http://secunia.com/advisories/34780

http://secunia.com/advisories/34843

http://secunia.com/advisories/34844

http://secunia.com/advisories/34894

http://secunia.com/advisories/35042

http://secunia.com/advisories/35065

http://secunia.com/advisories/35536

http://secunia.com/advisories/35561

http://secunia.com/advisories/35602

http://secunia.com/advisories/35882

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10972

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5933

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6154

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6266

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7008

http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1

https://usn.ubuntu.com/764-1/

https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html

https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html

https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html

http://www.debian.org/security/2009/dsa-1797

http://www.debian.org/security/2009/dsa-1830

http://www.mandriva.com/security/advisories?name=MDVSA-2009:111

http://www.mandriva.com/security/advisories?name=MDVSA-2009:141

http://www.mozilla.org/security/announce/2009/mfsa2009-17.html

http://www.redhat.com/support/errata/RHSA-2009-0436.html

http://www.redhat.com/support/errata/RHSA-2009-1125.html

http://www.redhat.com/support/errata/RHSA-2009-1126.html

http://www.securitytracker.com/id?1022093

http://www.ubuntu.com/usn/usn-782-1

http://www.vupen.com/english/advisories/2009/1125

Details

Source: Mitre, NVD

Published: 2009-04-22

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium