Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2009-1307 | First vendor Publication | 2009-04-22 |
Vendor | Cve | Last vendor Modification | 2018-10-03 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1307
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10972 | |||
Oval ID: | oval:org.mitre.oval:def:10972 | ||
Title: | The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI. | ||
Description: | The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1307 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:5933 | |||
Oval ID: | oval:org.mitre.oval:def:5933 | ||
Title: | Mozilla Seamonkey arbitrary code execution Vulnerability | ||
Description: | The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1307 | Version: | 2 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Seamonkey |
Definition Id: oval:org.mitre.oval:def:6154 | |||
Oval ID: | oval:org.mitre.oval:def:6154 | ||
Title: | Mozilla Firefox arbitrary code execution Vulnerability | ||
Description: | The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1307 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Firefox |
Definition Id: oval:org.mitre.oval:def:6266 | |||
Oval ID: | oval:org.mitre.oval:def:6266 | ||
Title: | Mozilla Thunderbird arbitrary code execution Vulnerability | ||
Description: | The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1307 | Version: | 6 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Thunderbird |
Definition Id: oval:org.mitre.oval:def:7008 | |||
Oval ID: | oval:org.mitre.oval:def:7008 | ||
Title: | Mozilla Thunderbird, Firefox and Seamonkey arbitrary code execution Vulnerability | ||
Description: | The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1307 | Version: | 17 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox |
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for thunderbird CESA-2009:1126 centos5 i386 File : nvt/gb_CESA-2009_1126_thunderbird_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:0437 centos4 i386 File : nvt/gb_CESA-2009_0437_seamonkey_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:0437-02 centos2 i386 File : nvt/gb_CESA-2009_0437-02_seamonkey_centos2_i386.nasl |
2011-08-09 | Name : CentOS Update for firefox CESA-2009:0436 centos5 i386 File : nvt/gb_CESA-2009_0436_firefox_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for firefox CESA-2009:0436 centos4 i386 File : nvt/gb_CESA-2009_0436_firefox_centos4_i386.nasl |
2009-10-11 | Name : SLES11: Security update for MozillaFirefox File : nvt/sles11_MozillaFirefox1.nasl |
2009-10-11 | Name : SLES11: Security update for Mozilla File : nvt/sles11_mozilla-xulrunn.nasl |
2009-10-10 | Name : SLES9: Security update for epiphany File : nvt/sles9p5059920.nasl |
2009-07-29 | Name : Ubuntu USN-802-1 (apache2) File : nvt/ubuntu_802_1.nasl |
2009-07-29 | Name : Fedora Core 11 FEDORA-2009-7614 (seamonkey) File : nvt/fcore_2009_7614.nasl |
2009-07-29 | Name : Fedora Core 10 FEDORA-2009-7567 (seamonkey) File : nvt/fcore_2009_7567.nasl |
2009-07-29 | Name : Ubuntu USN-799-1 (dbus) File : nvt/ubuntu_799_1.nasl |
2009-07-29 | Name : Ubuntu USN-801-1 (tiff) File : nvt/ubuntu_801_1.nasl |
2009-07-29 | Name : Debian Security Advisory DSA 1830-1 (icedove) File : nvt/deb_1830_1.nasl |
2009-06-30 | Name : Ubuntu USN-782-1 (thunderbird) File : nvt/ubuntu_782_1.nasl |
2009-06-30 | Name : Ubuntu USN-792-1 (openssl) File : nvt/ubuntu_792_1.nasl |
2009-06-30 | Name : RedHat Security Advisory RHSA-2009:1126 File : nvt/RHSA_2009_1126.nasl |
2009-06-30 | Name : RedHat Security Advisory RHSA-2009:1125 File : nvt/RHSA_2009_1125.nasl |
2009-06-30 | Name : Mandrake Security Advisory MDVSA-2009:141 (mozilla-thunderbird) File : nvt/mdksa_2009_141.nasl |
2009-06-30 | Name : CentOS Security Advisory CESA-2009:1126 (thunderbird) File : nvt/ovcesa2009_1126.nasl |
2009-06-05 | Name : Ubuntu USN-763-1 (xine-lib) File : nvt/ubuntu_763_1.nasl |
2009-06-05 | Name : Ubuntu USN-764-1 (xulrunner-1.9) File : nvt/ubuntu_764_1.nasl |
2009-06-05 | Name : Ubuntu USN-765-1 (xulrunner-1.9) File : nvt/ubuntu_765_1.nasl |
2009-06-05 | Name : Ubuntu USN-771-1 (libmodplug) File : nvt/ubuntu_771_1.nasl |
2009-06-05 | Name : Ubuntu USN-772-1 (mpfr) File : nvt/ubuntu_772_1.nasl |
2009-06-05 | Name : Mandrake Security Advisory MDVSA-2009:111 (firefox) File : nvt/mdksa_2009_111.nasl |
2009-06-05 | Name : Ubuntu USN-773-1 (pango1.0) File : nvt/ubuntu_773_1.nasl |
2009-05-25 | Name : CentOS Security Advisory CESA-2009:0437 (seamonkey) File : nvt/ovcesa2009_0437.nasl |
2009-05-20 | Name : Mandrake Security Advisory MDVSA-2009:111-1 (firefox) File : nvt/mdksa_2009_111_1.nasl |
2009-05-20 | Name : SuSE Security Summary SUSE-SR:2009:010 File : nvt/suse_sr_2009_010.nasl |
2009-05-11 | Name : Debian Security Advisory DSA 1797-1 (xulrunner) File : nvt/deb_1797_1.nasl |
2009-04-30 | Name : Mozilla Firefox Multiple Vulnerabilities Apr-09 (Linux) File : nvt/secpod_firefox_mult_vuln_apr09_lin.nasl |
2009-04-30 | Name : Mozilla Firefox Multiple Vulnerabilities Apr-09 (Win) File : nvt/secpod_firefox_mult_vuln_apr09_win.nasl |
2009-04-30 | Name : Mozilla Seamonkey Multiple Vulnerabilities Apr-09 (Linux) File : nvt/secpod_seamonkey_mult_vuln_apr09_lin.nasl |
2009-04-30 | Name : Mozilla Seamonkey Multiple Vulnerabilities Apr-09 (Win) File : nvt/secpod_seamonkey_mult_vuln_apr09_win.nasl |
2009-04-30 | Name : Mozilla Thunderbird Multiple Vulnerabilities Apr-09 (Linux) File : nvt/secpod_thunderbird_mult_vuln_apr09_lin.nasl |
2009-04-30 | Name : Mozilla Thunderbird Multiple Vulnerabilities Apr-09 (Win) File : nvt/secpod_thunderbird_mult_vuln_apr09_win.nasl |
2009-04-28 | Name : CentOS Security Advisory CESA-2009:0437-02 (seamonkey) File : nvt/ovcesa2009_0437_02.nasl |
2009-04-28 | Name : RedHat Security Advisory RHSA-2009:0436 File : nvt/RHSA_2009_0436.nasl |
2009-04-28 | Name : CentOS Security Advisory CESA-2009:0436 (firefox) File : nvt/ovcesa2009_0436.nasl |
2009-04-28 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox38.nasl |
2009-04-28 | Name : Fedora Core 10 FEDORA-2009-3893 (epiphany) File : nvt/fcore_2009_3893.nasl |
2009-04-28 | Name : Fedora Core 9 FEDORA-2009-3875 (firefox) File : nvt/fcore_2009_3875.nasl |
2009-04-28 | Name : RedHat Security Advisory RHSA-2009:0437 File : nvt/RHSA_2009_0437.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-178-01 mozilla-thunderbird File : nvt/esoft_slk_ssa_2009_178_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-176-01 seamonkey File : nvt/esoft_slk_ssa_2009_176_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
53958 | Mozilla Multiple Products view-source: Scheme Adobe Flash Same-origin Policy ... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0436.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0437.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2009-1125.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-1126.nasl - Type : ACT_GATHER_INFO |
2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20090625_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090421_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090421_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1830.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2009-1126.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0436.nasl - Type : ACT_GATHER_INFO |
2009-10-30 | Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-6538.nasl - Type : ACT_GATHER_INFO |
2009-10-22 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_seamonkey-091007.nasl - Type : ACT_GATHER_INFO |
2009-10-22 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_seamonkey-091007.nasl - Type : ACT_GATHER_INFO |
2009-10-07 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12519.nasl - Type : ACT_GATHER_INFO |
2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaThunderbird-6347.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-090427.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner190-090427.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaThunderbird-090710.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_mozilla-xulrunner190-090427.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_mozilla-xulrunner190-090427.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaFirefox-090427.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-090427.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaThunderbird-090710.nasl - Type : ACT_GATHER_INFO |
2009-07-17 | Name : The remote Fedora host is missing a security update. File : fedora_2009-7614.nasl - Type : ACT_GATHER_INFO |
2009-07-17 | Name : The remote Fedora host is missing a security update. File : fedora_2009-7567.nasl - Type : ACT_GATHER_INFO |
2009-06-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-141.nasl - Type : ACT_GATHER_INFO |
2009-06-28 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-178-01.nasl - Type : ACT_GATHER_INFO |
2009-06-26 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-782-1.nasl - Type : ACT_GATHER_INFO |
2009-06-26 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-176-01.nasl - Type : ACT_GATHER_INFO |
2009-06-26 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-1125.nasl - Type : ACT_GATHER_INFO |
2009-06-23 | Name : A web browser on the remote host is affected by multiple vulnerabilities. File : seamonkey_1117.nasl - Type : ACT_GATHER_INFO |
2009-06-23 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_20022.nasl - Type : ACT_GATHER_INFO |
2009-05-26 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0437.nasl - Type : ACT_GATHER_INFO |
2009-05-13 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-111.nasl - Type : ACT_GATHER_INFO |
2009-05-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1797.nasl - Type : ACT_GATHER_INFO |
2009-04-29 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-765-1.nasl - Type : ACT_GATHER_INFO |
2009-04-27 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-3893.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-3875.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-764-1.nasl - Type : ACT_GATHER_INFO |
2009-04-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0437.nasl - Type : ACT_GATHER_INFO |
2009-04-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0436.nasl - Type : ACT_GATHER_INFO |
2009-04-22 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_309.nasl - Type : ACT_GATHER_INFO |
2009-04-22 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_3b18e2372f1511de96720030843d3802.nasl - Type : ACT_GATHER_INFO |