CVE-2009-1307
Firefox < 3.0.9 - Same Origin Policy Bypass via view-source: URI
Title source: llmDescription
The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.
References (38)
Core 38
Core References
Vendor Advisory x_refsource_confirm
http://www.mozilla.org/security/announce/2009/mfsa2009-17.html
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:111
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6154
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34894
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1125
Vendor Advisory vendor-advisory
x_refsource_slackware
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.454275
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2009/dsa-1830
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34758
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35536
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10972
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7008
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35602
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-1125.html
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34844
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-782-1
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35065
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1022093
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35882
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6266
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/764-1/
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:141
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5933
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35042
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/34656
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34843
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2009/dsa-1797
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35561
Vendor Advisory vendor-advisory
x_refsource_slackware
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2009-0437.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-0436.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-1126.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34780
Vendor Advisory vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
Patch x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=481342
Scores
EPSS
0.0218
EPSS Percentile
80.3%
Details
CWE
CWE-20
Status
published
Products (45)
mozilla/firefox
0.1
mozilla/firefox
0.2
mozilla/firefox
0.3
mozilla/firefox
0.4
mozilla/firefox
0.5
mozilla/firefox
0.6
mozilla/firefox
0.6.1
mozilla/firefox
0.7
mozilla/firefox
0.7.1
mozilla/firefox
0.8
... and 35 more
Published
Apr 22, 2009
Tracked Since
Feb 18, 2026