Oval Definition:oval:org.mitre.oval:def:10972
Revision Date:2013-04-29Version:12
Title:The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.
Description:The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.
Family:unixClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2009-1307
Platform(s):CentOS Linux 3
CentOS Linux 4
CentOS Linux 5
Oracle Linux 4
Oracle Linux 5
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Product(s):
Definition Synopsis
  • OS Section: RHEL3, CentOS3
  • RHEL3 or CentOS3
  • The operating system installed on the system is Red Hat Enterprise Linux 3
  • OR CentOS Linux 3.x
  • AND Configuration section
  • seamonkey-nspr is earlier than 0:1.0.9-0.37.el3
  • OR seamonkey-js-debugger is earlier than 0:1.0.9-0.37.el3
  • OR seamonkey-nss-devel is earlier than 0:1.0.9-0.37.el3
  • OR seamonkey is earlier than 0:1.0.9-0.37.el3
  • OR seamonkey-nspr-devel is earlier than 0:1.0.9-0.37.el3
  • OR seamonkey-mail is earlier than 0:1.0.9-0.37.el3
  • OR seamonkey-chat is earlier than 0:1.0.9-0.37.el3
  • OR seamonkey-devel is earlier than 0:1.0.9-0.37.el3
  • OR seamonkey-dom-inspector is earlier than 0:1.0.9-0.37.el3
  • OR seamonkey-nss is earlier than 0:1.0.9-0.37.el3
  • OR OS Section: RHEL4, CentOS4, Oracle Linux 4
  • RHEL4, CentOS4 or Oracle Linux 4
  • The operating system installed on the system is Red Hat Enterprise Linux 4
  • OR CentOS Linux 4.x
  • OR Oracle Linux 4.x
  • AND Configuration section
  • seamonkey-js-debugger is earlier than 0:1.0.9-41.el4
  • OR thunderbird is earlier than 0:1.5.0.12-23.el4
  • OR seamonkey is earlier than 0:1.0.9-41.el4
  • OR firefox is earlier than 0:3.0.9-1.el4
  • OR seamonkey-mail is earlier than 0:1.0.9-41.el4
  • OR seamonkey-chat is earlier than 0:1.0.9-41.el4
  • OR seamonkey-devel is earlier than 0:1.0.9-41.el4
  • OR seamonkey-dom-inspector is earlier than 0:1.0.9-41.el4
  • OR OS Section: RHEL5, CentOS5, Oracle Linux 5
  • RHEL5, CentOS5 or Oracle Linux 5
  • The operating system installed on the system is Red Hat Enterprise Linux 5
  • OR The operating system installed on the system is CentOS Linux 5.x
  • OR Oracle Linux 5.x
  • AND Configuration section
  • xulrunner-devel-unstable is earlier than 0:1.9.0.9-1.el5
  • OR xulrunner-devel is earlier than 0:1.9.0.9-1.el5
  • OR firefox is earlier than 0:3.0.9-1.el5
  • OR thunderbird is earlier than 0:2.0.0.22-2.el5_3
  • OR xulrunner is earlier than 0:1.9.0.9-1.el5
    • BACK