Vulnerability-Lookup

CVE-2009-1307 (GCVE-0-2009-1307)

Vulnerability from cvelistv5 – Published: 2009-04-22 18:00 – Updated: 2024-08-07 05:04

Summary

The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://www.mozilla.org/security/announce/2009/mfs…	x_refsource_CONFIRM
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://secunia.com/advisories/34894	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2009/1125	vdb-entryx_refsource_VUPEN
	http://www.slackware.com/security/viewer.php?l=sl…	vendor-advisoryx_refsource_SLACKWARE
	http://www.debian.org/security/2009/dsa-1830	vendor-advisoryx_refsource_DEBIAN
	http://secunia.com/advisories/34758	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/35536	third-party-advisoryx_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://secunia.com/advisories/35602	third-party-advisoryx_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2009-11…	vendor-advisoryx_refsource_REDHAT
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	http://secunia.com/advisories/34844	third-party-advisoryx_refsource_SECUNIA
	http://www.ubuntu.com/usn/usn-782-1	vendor-advisoryx_refsource_UBUNTU
	http://secunia.com/advisories/35065	third-party-advisoryx_refsource_SECUNIA
	http://www.securitytracker.com/id?1022093	vdb-entryx_refsource_SECTRACK
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	http://secunia.com/advisories/35882	third-party-advisoryx_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	https://usn.ubuntu.com/764-1/	vendor-advisoryx_refsource_UBUNTU
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://secunia.com/advisories/35042	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/34656	vdb-entryx_refsource_BID
	http://secunia.com/advisories/34843	third-party-advisoryx_refsource_SECUNIA
	http://www.debian.org/security/2009/dsa-1797	vendor-advisoryx_refsource_DEBIAN
	http://secunia.com/advisories/35561	third-party-advisoryx_refsource_SECUNIA
	http://slackware.com/security/viewer.php?l=slackw…	vendor-advisoryx_refsource_SLACKWARE
	http://rhn.redhat.com/errata/RHSA-2009-0437.html	vendor-advisoryx_refsource_REDHAT
	http://www.redhat.com/support/errata/RHSA-2009-04…	vendor-advisoryx_refsource_REDHAT
	http://www.redhat.com/support/errata/RHSA-2009-11…	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/34780	third-party-advisoryx_refsource_SECUNIA
	http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT
	https://bugzilla.mozilla.org/show_bug.cgi?id=481342	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:04:49.691Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-17.html"
          },
          {
            "name": "MDVSA-2009:111",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:111"
          },
          {
            "name": "FEDORA-2009-3875",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html"
          },
          {
            "name": "oval:org.mitre.oval:def:6154",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6154"
          },
          {
            "name": "34894",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34894"
          },
          {
            "name": "ADV-2009-1125",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1125"
          },
          {
            "name": "SSA:2009-178-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.454275"
          },
          {
            "name": "DSA-1830",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1830"
          },
          {
            "name": "34758",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34758"
          },
          {
            "name": "35536",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35536"
          },
          {
            "name": "oval:org.mitre.oval:def:10972",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10972"
          },
          {
            "name": "oval:org.mitre.oval:def:7008",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7008"
          },
          {
            "name": "35602",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35602"
          },
          {
            "name": "RHSA-2009:1125",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1125.html"
          },
          {
            "name": "FEDORA-2009-7614",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html"
          },
          {
            "name": "34844",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34844"
          },
          {
            "name": "USN-782-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-782-1"
          },
          {
            "name": "35065",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35065"
          },
          {
            "name": "1022093",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1022093"
          },
          {
            "name": "FEDORA-2009-7567",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html"
          },
          {
            "name": "35882",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35882"
          },
          {
            "name": "oval:org.mitre.oval:def:6266",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6266"
          },
          {
            "name": "USN-764-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/764-1/"
          },
          {
            "name": "MDVSA-2009:141",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:141"
          },
          {
            "name": "SUSE-SR:2009:010",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
          },
          {
            "name": "oval:org.mitre.oval:def:5933",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5933"
          },
          {
            "name": "35042",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35042"
          },
          {
            "name": "34656",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34656"
          },
          {
            "name": "34843",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34843"
          },
          {
            "name": "DSA-1797",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1797"
          },
          {
            "name": "35561",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35561"
          },
          {
            "name": "SSA:2009-176-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.425408"
          },
          {
            "name": "RHSA-2009:0437",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2009-0437.html"
          },
          {
            "name": "RHSA-2009:0436",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-0436.html"
          },
          {
            "name": "RHSA-2009:1126",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1126.html"
          },
          {
            "name": "34780",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34780"
          },
          {
            "name": "264308",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=481342"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-04-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-03T20:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-17.html"
        },
        {
          "name": "MDVSA-2009:111",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:111"
        },
        {
          "name": "FEDORA-2009-3875",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html"
        },
        {
          "name": "oval:org.mitre.oval:def:6154",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6154"
        },
        {
          "name": "34894",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34894"
        },
        {
          "name": "ADV-2009-1125",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1125"
        },
        {
          "name": "SSA:2009-178-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.454275"
        },
        {
          "name": "DSA-1830",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1830"
        },
        {
          "name": "34758",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34758"
        },
        {
          "name": "35536",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35536"
        },
        {
          "name": "oval:org.mitre.oval:def:10972",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10972"
        },
        {
          "name": "oval:org.mitre.oval:def:7008",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7008"
        },
        {
          "name": "35602",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35602"
        },
        {
          "name": "RHSA-2009:1125",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1125.html"
        },
        {
          "name": "FEDORA-2009-7614",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html"
        },
        {
          "name": "34844",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34844"
        },
        {
          "name": "USN-782-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-782-1"
        },
        {
          "name": "35065",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35065"
        },
        {
          "name": "1022093",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1022093"
        },
        {
          "name": "FEDORA-2009-7567",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html"
        },
        {
          "name": "35882",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35882"
        },
        {
          "name": "oval:org.mitre.oval:def:6266",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6266"
        },
        {
          "name": "USN-764-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/764-1/"
        },
        {
          "name": "MDVSA-2009:141",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:141"
        },
        {
          "name": "SUSE-SR:2009:010",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
        },
        {
          "name": "oval:org.mitre.oval:def:5933",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5933"
        },
        {
          "name": "35042",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35042"
        },
        {
          "name": "34656",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34656"
        },
        {
          "name": "34843",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34843"
        },
        {
          "name": "DSA-1797",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1797"
        },
        {
          "name": "35561",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35561"
        },
        {
          "name": "SSA:2009-176-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.425408"
        },
        {
          "name": "RHSA-2009:0437",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2009-0437.html"
        },
        {
          "name": "RHSA-2009:0436",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-0436.html"
        },
        {
          "name": "RHSA-2009:1126",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1126.html"
        },
        {
          "name": "34780",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34780"
        },
        {
          "name": "264308",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=481342"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-1307",
    "datePublished": "2009-04-22T18:00:00.000Z",
    "dateReserved": "2009-04-16T00:00:00.000Z",
    "dateUpdated": "2024-08-07T05:04:49.691Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-5CXH-4RWM-2JH3

Vulnerability from github – Published: 2022-05-02 03:23 – Updated: 2025-04-09 04:08

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-1307"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-04-22T18:30:00Z",
    "severity": "MODERATE"
  },
  "details": "The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.",
  "id": "GHSA-5cxh-4rwm-2jh3",
  "modified": "2025-04-09T04:08:37Z",
  "published": "2022-05-02T03:23:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1307"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=481342"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10972"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5933"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6154"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6266"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7008"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/764-1"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2009-0437.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34758"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34780"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34843"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34844"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34894"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35042"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35065"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35536"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35561"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35602"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35882"
    },
    {
      "type": "WEB",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.425408"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2009/dsa-1797"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2009/dsa-1830"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:111"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:141"
    },
    {
      "type": "WEB",
      "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-17.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-0436.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1125.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1126.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/34656"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1022093"
    },
    {
      "type": "WEB",
      "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.454275"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-782-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/1125"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2009-AVI-157

Vulnerability from certfr_avis - Published: 2009-04-22 - Updated: 2009-04-22

Plusieurs vulnérabilités ont été identifiées dans le navigateur Mozilla Firefox. L'exploitation de celles-ci peut avoir des conséquences variées, du contournement de la politique de sécurité mise en place à l'exécutation de code arbitraire au cours d'une navigation sur une page spécialement construite.

Description

Plusieurs vulnérabilités ont été identifiées dans le navigateur Mozilla Firefox. Parmi celles-ci :

le moteur de navigation Mozilla manipule incorrectement certaines pages Web lorsque l'interprétation de code Javascript est active. Cela provoque une corruption de la mémoire pouvant conduire, sous certaines conditions, à l'exécution de code arbitraire à distance ;
l'interprétation de certains caractères graphiques est prise en compte par l'IDN (International Domain Names) et peut ainsi être détournée pour favoriser des attaques en filoutage (phishing) ;
le module Flash confond l'origine du contenu sous certaines conditions, ce qui permet alors au code interprété d'accéder illégitimement à certaines ressources (accès arbitraires en lecture et écriture des Local Shared Objects par exemple) ;
le navigateur ne manipule pas correctement les données de rafraichissement dans les en-têtes (Refresh) permettant à une page malveillante de lancer des attaques par injection de code indirecte ou à forcer, sous certaines conditions, le navigateur à interpréter du code JavaScript arbitraire dans le contexte d'un site victime.

Solution

Se référer aux avis de sécurité de Mozilla pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Firefox	Les versions de Mozilla Firefox antérieures à 3.0.9.

References

Title

Publication Time

FKIE_CVE-2009-1307

Vulnerability from fkie_nvd - Published: 2009-04-22 18:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2009-0437.html
secalert@redhat.com	http://secunia.com/advisories/34758
secalert@redhat.com	http://secunia.com/advisories/34780
secalert@redhat.com	http://secunia.com/advisories/34843
secalert@redhat.com	http://secunia.com/advisories/34844
secalert@redhat.com	http://secunia.com/advisories/34894
secalert@redhat.com	http://secunia.com/advisories/35042
secalert@redhat.com	http://secunia.com/advisories/35065
secalert@redhat.com	http://secunia.com/advisories/35536
secalert@redhat.com	http://secunia.com/advisories/35561
secalert@redhat.com	http://secunia.com/advisories/35602
secalert@redhat.com	http://secunia.com/advisories/35882
secalert@redhat.com	http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408
secalert@redhat.com	http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
secalert@redhat.com	http://www.debian.org/security/2009/dsa-1797
secalert@redhat.com	http://www.debian.org/security/2009/dsa-1830
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2009:111
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2009:141
secalert@redhat.com	http://www.mozilla.org/security/announce/2009/mfsa2009-17.html	Vendor Advisory
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2009-0436.html
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2009-1125.html
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2009-1126.html
secalert@redhat.com	http://www.securityfocus.com/bid/34656
secalert@redhat.com	http://www.securitytracker.com/id?1022093
secalert@redhat.com	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.454275
secalert@redhat.com	http://www.ubuntu.com/usn/usn-782-1
secalert@redhat.com	http://www.vupen.com/english/advisories/2009/1125
secalert@redhat.com	https://bugzilla.mozilla.org/show_bug.cgi?id=481342	Patch
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10972
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5933
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6154
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6266
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7008
secalert@redhat.com	https://usn.ubuntu.com/764-1/
secalert@redhat.com	https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html
secalert@redhat.com	https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html
secalert@redhat.com	https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2009-0437.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34758
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34780
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34843
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34844
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34894
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35042
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35065
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35536
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35561
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35602
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35882
af854a3a-2127-422b-91ae-364da2661108	http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2009/dsa-1797
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2009/dsa-1830
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2009:111
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2009:141
af854a3a-2127-422b-91ae-364da2661108	http://www.mozilla.org/security/announce/2009/mfsa2009-17.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2009-0436.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2009-1125.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2009-1126.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/34656
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1022093
af854a3a-2127-422b-91ae-364da2661108	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.454275
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-782-1
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1125
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.mozilla.org/show_bug.cgi?id=481342	Patch
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10972
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5933
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6154
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6266
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7008
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/764-1/
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html

Impacted products

Vendor	Product	Version
mozilla	firefox	*
mozilla	firefox	0.1
mozilla	firefox	0.2
mozilla	firefox	0.3
mozilla	firefox	0.4
mozilla	firefox	0.5
mozilla	firefox	0.6
mozilla	firefox	0.6.1
mozilla	firefox	0.7
mozilla	firefox	0.7.1
mozilla	firefox	0.8
mozilla	firefox	0.9
mozilla	firefox	0.9
mozilla	firefox	0.9.1
mozilla	firefox	0.9.2
mozilla	firefox	0.9.3
mozilla	firefox	0.9_rc
mozilla	firefox	0.10
mozilla	firefox	0.10.1
mozilla	firefox	1.0
mozilla	firefox	1.0
mozilla	firefox	1.0.1
mozilla	firefox	1.0.2
mozilla	firefox	1.0.3
mozilla	firefox	1.0.4
mozilla	firefox	1.0.5
mozilla	firefox	1.0.6
mozilla	firefox	1.0.6
mozilla	firefox	1.0.7
mozilla	firefox	1.0.8
mozilla	firefox	1.5
mozilla	firefox	1.5
mozilla	firefox	1.5
mozilla	firefox	1.5.0.1
mozilla	firefox	1.5.0.2
mozilla	firefox	1.5.0.3
mozilla	firefox	1.5.0.4
mozilla	firefox	1.5.0.5
mozilla	firefox	1.5.0.6
mozilla	firefox	1.5.0.7
mozilla	firefox	1.5.0.8
mozilla	firefox	1.5.0.9
mozilla	firefox	1.5.0.10
mozilla	firefox	1.5.0.11
mozilla	firefox	1.5.0.12
mozilla	firefox	1.5.1
mozilla	firefox	1.5.2
mozilla	firefox	1.5.3
mozilla	firefox	1.5.4
mozilla	firefox	1.5.5
mozilla	firefox	1.5.6
mozilla	firefox	1.5.7
mozilla	firefox	1.5.8
mozilla	firefox	1.8
mozilla	firefox	2.0
mozilla	firefox	2.0
mozilla	firefox	2.0
mozilla	firefox	2.0
mozilla	firefox	2.0
mozilla	firefox	2.0.0.1
mozilla	firefox	2.0.0.2
mozilla	firefox	2.0.0.3
mozilla	firefox	2.0.0.4
mozilla	firefox	2.0.0.5
mozilla	firefox	2.0.0.6
mozilla	firefox	2.0.0.7
mozilla	firefox	2.0.0.8
mozilla	firefox	2.0.0.9
mozilla	firefox	2.0.0.10
mozilla	firefox	2.0.0.11
mozilla	firefox	2.0.0.12
mozilla	firefox	2.0.0.13
mozilla	firefox	2.0.0.14
mozilla	firefox	2.0.0.15
mozilla	firefox	2.0.0.16
mozilla	firefox	2.0.0.17
mozilla	firefox	2.0.0.18
mozilla	firefox	2.0.0.19
mozilla	firefox	2.0.0.20
mozilla	firefox	2.0.0.21
mozilla	firefox	3.0
mozilla	firefox	3.0
mozilla	firefox	3.0
mozilla	firefox	3.0
mozilla	firefox	3.0.1
mozilla	firefox	3.0.2
mozilla	firefox	3.0.3
mozilla	firefox	3.0.4
mozilla	firefox	3.0.5
mozilla	firefox	3.0.6
mozilla	firefox	3.0.7
mozilla	firefox	3.0beta5
mozilla	seamonkey	*
mozilla	thunderbird	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF7EBD73-EAFC-4D89-9962-8EBB2BB3DBDD",
              "versionEndIncluding": "3.0.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AA88B-638A-451A-B235-A1A1444BE417",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C01AD7C-8470-47AB-B8AE-670E3A381E89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E43F2F1-9252-4B44-8A61-D05305915A5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BB9D48B-DC7B-4D92-BB26-B6DE629A2506",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A360D595-A829-4DDE-932E-9995626917E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E9B5349-FAA7-4CDA-9533-1AD1ACDFAC4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "07243837-C353-4C25-A5B1-4DA32807E97D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B832C034-F793-415F-BFC8-D97A18BA6BC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "83CD1A13-66CB-49CC-BD84-5D8334DB774A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2434FCE7-A50B-4527-9970-C7224B31141C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*",
              "matchCriteriaId": "5633FB6E-D623-49D4-9858-4E20E64DE458",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "567FF916-7DE0-403C-8528-7931A43E0D18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.9_rc:*:*:*:*:*:*:*",
              "matchCriteriaId": "E15536D0-B6A3-4106-8196-021724324CAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "010B34F4-910E-4515-990B-8E72DF009578",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A545A77-2198-4685-A87F-E0F2DAECECF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*",
              "matchCriteriaId": "438AACF8-006F-4522-853F-30DBBABD8C15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "778FAE0C-A5CF-4B67-93A9-1A803E3E699F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7447185-7509-449D-8907-F30A42CF7EB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EDBAC37-9D08-44D1-B279-BC6ACF126CAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FFF89FA-2020-43CC-BACD-D66117B3DD26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "834BB391-5EB5-43A8-980A-D305EDAE6FA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A38AD88-BAA6-4FBE-885B-69E951BD1EFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0.6:*:linux:*:*:*:*:*",
              "matchCriteriaId": "659F5DAF-D54F-43FB-AB2A-3FC7D456B434",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B500EE6C-99DB-49A3-A1F1-AFFD7FE28068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F2938F2-A801-45E5-8E06-BE03DE03C8A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABB88E86-6E83-4A59-9266-8B98AA91774D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "E19ED1CA-DEBD-4786-BA7B-C122C7D2E5B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "66BE50FE-EA21-4633-A181-CD35196DF06E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D6BF5B1-86D1-47FE-9D9C-735718F94874",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "84D15CE0-69DF-4EFD-801E-96A4D6AABEDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEE203DE-6C0E-4FDE-9C3A-0E73430F17DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2F38886-C25A-4C6B-93E7-36461405BA99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C65D2670-F37F-48CB-804A-D35BB1C27D9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE8E5194-7B34-4802-BDA6-6A86EB5EDE05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "FABA5F56-99F7-4F8F-9CC1-5B0B2EB72922",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "2917BD67-CE81-4B94-B241-D4A9DDA60319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "A524A94E-F19B-42B9-AA8E-171751C339AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F71436CF-F756-44E0-8E69-6951F6B3E54A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "582EE839-B83F-4908-9780-D0C92DC44FD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "824369CF-00A0-434E-94BC-71CA1317012C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCB35099-B04E-4796-A25D-953329FE62F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DBEBCFD-80D6-466A-BAEF-C75E65A3B12E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C30ACBCA-4FA1-46DE-8F15-4830BC27E160",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9453EF65-7C69-449E-BF7C-4FECFB56713E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AA75825-21CF-475B-8040-126A13FA2216",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA97C80E-17FA-4866-86CE-29886145ED80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DE24BED-202E-416D-B5F2-8207D97B9939",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "04198E04-CE1D-4A5A-A20C-D1E135B45F94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "717DB967-F658-4699-A224-5B261BFEC10A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3487FA64-BE04-42CA-861E-3DAC097D7D32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "F61EA4A1-1916-48A5-8196-E3CDEF3108F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "A956C036-1E47-49B2-A971-69868A510B75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F5AA254D-D41E-464F-9E2A-A950F08C6946",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "B05D2655-6641-42BE-9793-30005AC9D40D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3D956DC-C73B-439F-8D79-8239207CC76F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "57E2C7E7-56C0-466C-BB08-5EB43922C4F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "462E135A-5616-46CC-A9C0-5A7A0526ACC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6121F9C1-F4DF-4AAB-9E51-AC1592AA5639",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "58D44634-A0B5-4F05-8983-B08D392EC742",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB3AC3D3-FDD7-489F-BDCF-BDB55DF33A8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "4105171B-9C90-4ABF-B220-A35E7BA9EE40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "20985549-DB24-4B69-9D40-208A47AE658E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "43A13026-416F-4308-8A1B-E989BD769E12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "612B015E-9F96-4CE6-83E4-23848FD609E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E391619-0967-43E1-8CBC-4D54F72A85C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "0544D626-E269-4677-9B05-7DAB23BD103B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "C95F7B2C-80FC-4DF2-9680-F74634DCE3E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "863C140E-DC15-4A88-AB8A-8AEF9F4B8164",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "38CD049A-5333-4FF7-AD34-6B74E19BADCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "0066576D-D66A-4B59-B5C3-471EEBEE8B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "60ED6DAA-9194-4829-BC1A-00F04BE7930A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "13BEB9A6-EFD5-4793-9603-84DB84F1CF7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "461163C6-4CA8-4BA9-95A1-136E612CBA6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "275E9D96-1290-44AB-BF9B-E9E4A803F593",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "140EFF03-09CB-436E-AF3F-1CEEFF4D3F1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "412DF091-7604-4110-87A0-3488116A97E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:3.0:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "7A1DE6AC-C6AA-4B27-AC21-3293E5357A7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:3.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "13AAF607-AEEE-4FAF-BE63-73B1D951EF52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:3.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "20139741-10B1-4E4B-8D5F-A715042049C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "11E07FED-ABDB-4B0A-AB2E-4CBF1EAC4301",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A6558F1-9E0D-4107-909A-8EF4BC8A9C2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "63DF3D65-C992-44CF-89B4-893526C6242E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9024117-2E8B-4240-9E21-CC501F3879B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBC3CAD3-2F54-4E32-A0C9-0D826C45AC23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "52624B41-AB34-40AD-8709-D9646B618AB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "917E9856-9556-4FD6-A834-858F8837A6B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:3.0beta5:*:*:*:*:*:*:*",
              "matchCriteriaId": "880CAA7D-398A-4B26-9754-FD188CE9729D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "138701FB-929A-4683-B41F-CB014ACFE44A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5C8E657-3049-4462-98F6-296C60BC8C5C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI."
    },
    {
      "lang": "es",
      "value": "La implementaci\u00f3n view-source: URI en Mozilla Firefox anteriores a v3.0.9, Thunderbird, and SeaMonkey no implementa correctamente la pol\u00edtica de mismo origen, permitiendo a atacantes remotos (1) saltar las restricciones crossdomain.xml y conectar a sitios web de su elecci\u00f3n utilizando un fichero Flash; (2) leer, crear o modificar objetos compartidos locales utilizando un fichero Flash; o (3) saltar restricciones no especificadas y generar contenido mediante vectores relacionados con jar: URI."
    }
  ],
  "id": "CVE-2009-1307",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-04-22T18:30:00.297",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2009-0437.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/34758"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/34780"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/34843"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/34844"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/34894"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/35042"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/35065"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/35536"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/35561"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/35602"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/35882"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.425408"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2009/dsa-1797"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2009/dsa-1830"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:111"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:141"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-17.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-0436.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1125.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1126.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/34656"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1022093"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.454275"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/usn-782-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2009/1125"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=481342"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10972"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5933"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6154"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6266"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7008"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://usn.ubuntu.com/764-1/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2009-0437.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34758"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34780"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34843"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34844"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34894"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35042"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35065"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35536"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35561"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35602"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35882"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.425408"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2009/dsa-1797"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2009/dsa-1830"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:111"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:141"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-17.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-0436.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1125.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1126.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/34656"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1022093"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.454275"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-782-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1125"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=481342"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10972"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5933"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6154"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6266"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7008"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/764-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2009-1307

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-1307

Aliases

CVE-2009-1307

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-1307",
    "description": "The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.",
    "id": "GSD-2009-1307",
    "references": [
      "https://www.suse.com/security/cve/CVE-2009-1307.html",
      "https://www.debian.org/security/2009/dsa-1830",
      "https://www.debian.org/security/2009/dsa-1797",
      "https://access.redhat.com/errata/RHSA-2009:1126",
      "https://access.redhat.com/errata/RHSA-2009:1125",
      "https://access.redhat.com/errata/RHSA-2009:0437",
      "https://access.redhat.com/errata/RHSA-2009:0436",
      "https://linux.oracle.com/cve/CVE-2009-1307.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-1307"
      ],
      "details": "The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.",
      "id": "GSD-2009-1307",
      "modified": "2023-12-13T01:19:48.595738Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2009-1307",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html",
            "refsource": "MISC",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
          },
          {
            "name": "http://secunia.com/advisories/35065",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/35065"
          },
          {
            "name": "http://secunia.com/advisories/35561",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/35561"
          },
          {
            "name": "http://secunia.com/advisories/35602",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/35602"
          },
          {
            "name": "http://secunia.com/advisories/35882",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/35882"
          },
          {
            "name": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.425408",
            "refsource": "MISC",
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.425408"
          },
          {
            "name": "http://www.debian.org/security/2009/dsa-1830",
            "refsource": "MISC",
            "url": "http://www.debian.org/security/2009/dsa-1830"
          },
          {
            "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:141",
            "refsource": "MISC",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:141"
          },
          {
            "name": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.454275",
            "refsource": "MISC",
            "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.454275"
          },
          {
            "name": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html",
            "refsource": "MISC",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html"
          },
          {
            "name": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html",
            "refsource": "MISC",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html"
          },
          {
            "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1",
            "refsource": "MISC",
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1"
          },
          {
            "name": "http://rhn.redhat.com/errata/RHSA-2009-0437.html",
            "refsource": "MISC",
            "url": "http://rhn.redhat.com/errata/RHSA-2009-0437.html"
          },
          {
            "name": "http://secunia.com/advisories/34758",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/34758"
          },
          {
            "name": "http://secunia.com/advisories/34780",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/34780"
          },
          {
            "name": "http://secunia.com/advisories/34843",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/34843"
          },
          {
            "name": "http://secunia.com/advisories/34844",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/34844"
          },
          {
            "name": "http://secunia.com/advisories/34894",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/34894"
          },
          {
            "name": "http://secunia.com/advisories/35042",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/35042"
          },
          {
            "name": "http://secunia.com/advisories/35536",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/35536"
          },
          {
            "name": "http://www.debian.org/security/2009/dsa-1797",
            "refsource": "MISC",
            "url": "http://www.debian.org/security/2009/dsa-1797"
          },
          {
            "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:111",
            "refsource": "MISC",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:111"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2009-0436.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2009-0436.html"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2009-1125.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1125.html"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2009-1126.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1126.html"
          },
          {
            "name": "http://www.securityfocus.com/bid/34656",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/34656"
          },
          {
            "name": "http://www.ubuntu.com/usn/usn-782-1",
            "refsource": "MISC",
            "url": "http://www.ubuntu.com/usn/usn-782-1"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2009/1125",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2009/1125"
          },
          {
            "name": "https://usn.ubuntu.com/764-1/",
            "refsource": "MISC",
            "url": "https://usn.ubuntu.com/764-1/"
          },
          {
            "name": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html",
            "refsource": "MISC",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html"
          },
          {
            "name": "http://www.mozilla.org/security/announce/2009/mfsa2009-17.html",
            "refsource": "MISC",
            "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-17.html"
          },
          {
            "name": "http://www.securitytracker.com/id?1022093",
            "refsource": "MISC",
            "url": "http://www.securitytracker.com/id?1022093"
          },
          {
            "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=481342",
            "refsource": "MISC",
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=481342"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10972",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10972"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5933",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5933"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6154",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6154"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6266",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6266"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7008",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7008"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.9_rc:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0:beta5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.6:*:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0:beta_1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.0.8",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0beta5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2009-1307"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=481342",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=481342"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2009/mfsa2009-17.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-17.html"
            },
            {
              "name": "34894",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/34894"
            },
            {
              "name": "34758",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/34758"
            },
            {
              "name": "FEDORA-2009-3875",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html"
            },
            {
              "name": "1022093",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1022093"
            },
            {
              "name": "RHSA-2009:0436",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-0436.html"
            },
            {
              "name": "34656",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/34656"
            },
            {
              "name": "34843",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/34843"
            },
            {
              "name": "RHSA-2009:0437",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2009-0437.html"
            },
            {
              "name": "34844",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/34844"
            },
            {
              "name": "ADV-2009-1125",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2009/1125"
            },
            {
              "name": "34780",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/34780"
            },
            {
              "name": "SUSE-SR:2009:010",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
            },
            {
              "name": "MDVSA-2009:111",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:111"
            },
            {
              "name": "35065",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/35065"
            },
            {
              "name": "DSA-1797",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2009/dsa-1797"
            },
            {
              "name": "35042",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/35042"
            },
            {
              "name": "USN-782-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/usn-782-1"
            },
            {
              "name": "RHSA-2009:1126",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1126.html"
            },
            {
              "name": "RHSA-2009:1125",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1125.html"
            },
            {
              "name": "35536",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/35536"
            },
            {
              "name": "SSA:2009-178-01",
              "refsource": "SLACKWARE",
              "tags": [],
              "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.454275"
            },
            {
              "name": "SSA:2009-176-01",
              "refsource": "SLACKWARE",
              "tags": [],
              "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.425408"
            },
            {
              "name": "35561",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/35561"
            },
            {
              "name": "MDVSA-2009:141",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:141"
            },
            {
              "name": "35602",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/35602"
            },
            {
              "name": "FEDORA-2009-7614",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html"
            },
            {
              "name": "FEDORA-2009-7567",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html"
            },
            {
              "name": "35882",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/35882"
            },
            {
              "name": "264308",
              "refsource": "SUNALERT",
              "tags": [],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1"
            },
            {
              "name": "DSA-1830",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2009/dsa-1830"
            },
            {
              "name": "oval:org.mitre.oval:def:7008",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7008"
            },
            {
              "name": "oval:org.mitre.oval:def:6266",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6266"
            },
            {
              "name": "oval:org.mitre.oval:def:6154",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6154"
            },
            {
              "name": "oval:org.mitre.oval:def:5933",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5933"
            },
            {
              "name": "oval:org.mitre.oval:def:10972",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10972"
            },
            {
              "name": "USN-764-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "https://usn.ubuntu.com/764-1/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-03T21:59Z",
      "publishedDate": "2009-04-22T18:30Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-1307 (GCVE-0-2009-1307)

GHSA-5CXH-4RWM-2JH3

CERTA-2009-AVI-157

Description

Solution

FKIE_CVE-2009-1307

GSD-2009-1307

Tags

Sightings

Nomenclature