CVE-2009-1307

Firefox < 3.0.9 - Same Origin Policy Bypass via view-source: URI

Title source: llm
STIX 2.1

Description

The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.

References (38)

Core 38
Core References
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:111
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6154
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34894
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1125
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2009/dsa-1830
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34758
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35536
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10972
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7008
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35602
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-1125.html
Vendor Advisory vendor-advisory x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34844
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-782-1
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35065
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1022093
Vendor Advisory vendor-advisory x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35882
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6266
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/764-1/
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:141
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5933
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35042
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/34656
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34843
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2009/dsa-1797
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35561
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2009-0437.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-0436.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-1126.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34780
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1

Scores

EPSS 0.0218
EPSS Percentile 80.3%

Details

CWE
CWE-20
Status published
Products (45)
mozilla/firefox 0.1
mozilla/firefox 0.2
mozilla/firefox 0.3
mozilla/firefox 0.4
mozilla/firefox 0.5
mozilla/firefox 0.6
mozilla/firefox 0.6.1
mozilla/firefox 0.7
mozilla/firefox 0.7.1
mozilla/firefox 0.8
... and 35 more
Published Apr 22, 2009
Tracked Since Feb 18, 2026