Revision Date: | 2013-04-29 | Version: | 12 | Title: | The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI. | Description: | The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI. | Family: | unix | Class: | vulnerability | Status: | ACCEPTED | Reference(s): | CVE-2009-1307
| Platform(s): | CentOS Linux 3 CentOS Linux 4 CentOS Linux 5 Oracle Linux 4 Oracle Linux 5 Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5
| Product(s): | | Definition Synopsis | OS Section: RHEL3, CentOS3 RHEL3 or CentOS3
The operating system installed on the system is Red Hat Enterprise Linux 3
OR CentOS Linux 3.x
AND Configuration section
seamonkey-nspr is earlier than 0:1.0.9-0.37.el3
OR seamonkey-js-debugger is earlier than 0:1.0.9-0.37.el3
OR seamonkey-nss-devel is earlier than 0:1.0.9-0.37.el3
OR seamonkey is earlier than 0:1.0.9-0.37.el3
OR seamonkey-nspr-devel is earlier than 0:1.0.9-0.37.el3
OR seamonkey-mail is earlier than 0:1.0.9-0.37.el3
OR seamonkey-chat is earlier than 0:1.0.9-0.37.el3
OR seamonkey-devel is earlier than 0:1.0.9-0.37.el3
OR seamonkey-dom-inspector is earlier than 0:1.0.9-0.37.el3
OR seamonkey-nss is earlier than 0:1.0.9-0.37.el3
OR OS Section: RHEL4, CentOS4, Oracle Linux 4
RHEL4, CentOS4 or Oracle Linux 4
The operating system installed on the system is Red Hat Enterprise Linux 4
OR CentOS Linux 4.x
OR Oracle Linux 4.x
AND Configuration section
seamonkey-js-debugger is earlier than 0:1.0.9-41.el4
OR thunderbird is earlier than 0:1.5.0.12-23.el4
OR seamonkey is earlier than 0:1.0.9-41.el4
OR firefox is earlier than 0:3.0.9-1.el4
OR seamonkey-mail is earlier than 0:1.0.9-41.el4
OR seamonkey-chat is earlier than 0:1.0.9-41.el4
OR seamonkey-devel is earlier than 0:1.0.9-41.el4
OR seamonkey-dom-inspector is earlier than 0:1.0.9-41.el4
OR OS Section: RHEL5, CentOS5, Oracle Linux 5
RHEL5, CentOS5 or Oracle Linux 5
The operating system installed on the system is Red Hat Enterprise Linux 5
OR The operating system installed on the system is CentOS Linux 5.x
OR Oracle Linux 5.x
AND Configuration section
xulrunner-devel-unstable is earlier than 0:1.9.0.9-1.el5
OR xulrunner-devel is earlier than 0:1.9.0.9-1.el5
OR firefox is earlier than 0:3.0.9-1.el5
OR thunderbird is earlier than 0:2.0.0.22-2.el5_3
OR xulrunner is earlier than 0:1.9.0.9-1.el5
|
|