Vulnerability Description
The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | <= 3.0.8 |
| Mozilla | Seamonkey | All versions |
| Mozilla | Thunderbird | All versions |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
- http://rhn.redhat.com/errata/RHSA-2009-0437.html
- http://secunia.com/advisories/34758
- http://secunia.com/advisories/34780
- http://secunia.com/advisories/34843
- http://secunia.com/advisories/34844
- http://secunia.com/advisories/34894
- http://secunia.com/advisories/35042
- http://secunia.com/advisories/35065
- http://secunia.com/advisories/35536
- http://secunia.com/advisories/35561
- http://secunia.com/advisories/35602
- http://secunia.com/advisories/35882
- http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
FAQ
What is CVE-2009-1307?
CVE-2009-1307 is a vulnerability with a CVSS score of 6.8 (MEDIUM). The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdom...
How severe is CVE-2009-1307?
CVE-2009-1307 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-1307?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Seamonkey, Mozilla Thunderbird.