1. Home
  2. Vulnerabilities
  3. CVE-2009-0357

CVE-2009-0357

CVSS v2.0 5 (Medium)
50% Progress
EPSS 0.47 % (76th)
0.47% Progress
Affected Products 2
Advisories 10
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism.

Weaknesses
CWE-264
Permissions, Privileges, and Access Controls
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2009-02-04 19:30:00
(15 years ago)
Updated Date
2017-09-29 01:33:46
(7 years ago)

Affected Products

Mozilla

Configuration #1

    CPE23 From Up To
  Mozilla Firefox 3.0.5 and prior versions cpe:2.3:a:mozilla:firefox <= 3.0.5
  Mozilla Firefox 0.1 cpe:2.3:a:mozilla:firefox:0.1
  Mozilla Firefox 0.2 cpe:2.3:a:mozilla:firefox:0.2
  Mozilla Firefox 0.3 cpe:2.3:a:mozilla:firefox:0.3
  Mozilla Firefox 0.4 cpe:2.3:a:mozilla:firefox:0.4
  Mozilla Firefox 0.5 cpe:2.3:a:mozilla:firefox:0.5
  Mozilla Firefox 0.6 cpe:2.3:a:mozilla:firefox:0.6
  Mozilla Firefox 0.6.1 cpe:2.3:a:mozilla:firefox:0.6.1
  Mozilla Firefox 0.7 cpe:2.3:a:mozilla:firefox:0.7
  Mozilla Firefox 0.7.1 cpe:2.3:a:mozilla:firefox:0.7.1
  Mozilla Firefox 0.8 cpe:2.3:a:mozilla:firefox:0.8
  Mozilla Firefox 0.9 cpe:2.3:a:mozilla:firefox:0.9
  Mozilla Firefox 0.9.1 cpe:2.3:a:mozilla:firefox:0.9.1
  Mozilla Firefox 0.9.2 cpe:2.3:a:mozilla:firefox:0.9.2
  Mozilla Firefox 0.9.3 cpe:2.3:a:mozilla:firefox:0.9.3
  Mozilla Firefox 1.0 cpe:2.3:a:mozilla:firefox:1.0
  Mozilla Firefox 1.0 Preview Release cpe:2.3:a:mozilla:firefox:1.0:preview_release
  Mozilla Firefox 1.0.1 cpe:2.3:a:mozilla:firefox:1.0.1
  Mozilla Firefox 1.0.2 cpe:2.3:a:mozilla:firefox:1.0.2
  Mozilla Firefox 1.0.3 cpe:2.3:a:mozilla:firefox:1.0.3
  Mozilla Firefox 1.0.4 cpe:2.3:a:mozilla:firefox:1.0.4
  Mozilla Firefox 1.0.5 cpe:2.3:a:mozilla:firefox:1.0.5
  Mozilla Firefox 1.0.6 cpe:2.3:a:mozilla:firefox:1.0.6
  Mozilla Firefox 1.0.7 cpe:2.3:a:mozilla:firefox:1.0.7
  Mozilla Firefox 1.0.8 cpe:2.3:a:mozilla:firefox:1.0.8
  Mozilla Firefox 1.5 cpe:2.3:a:mozilla:firefox:1.5
  Mozilla Firefox 1.5.0.1 cpe:2.3:a:mozilla:firefox:1.5.0.1
  Mozilla Firefox 1.5.0.2 cpe:2.3:a:mozilla:firefox:1.5.0.2
  Mozilla Firefox 1.5.0.3 cpe:2.3:a:mozilla:firefox:1.5.0.3
  Mozilla Firefox 1.5.0.4 cpe:2.3:a:mozilla:firefox:1.5.0.4
  Mozilla Firefox 1.5.0.5 cpe:2.3:a:mozilla:firefox:1.5.0.5
  Mozilla Firefox 1.5.0.6 cpe:2.3:a:mozilla:firefox:1.5.0.6
  Mozilla Firefox 1.5.0.7 cpe:2.3:a:mozilla:firefox:1.5.0.7
  Mozilla Firefox 1.5.0.8 cpe:2.3:a:mozilla:firefox:1.5.0.8
  Mozilla Firefox 1.5.0.9 cpe:2.3:a:mozilla:firefox:1.5.0.9
  Mozilla Firefox 1.5.0.10 cpe:2.3:a:mozilla:firefox:1.5.0.10
  Mozilla Firefox 1.5.0.11 cpe:2.3:a:mozilla:firefox:1.5.0.11
  Mozilla Firefox 1.5.0.12 cpe:2.3:a:mozilla:firefox:1.5.0.12
  Mozilla Firefox 2.0 cpe:2.3:a:mozilla:firefox:2.0
  Mozilla Firefox 2.0 Beta1 cpe:2.3:a:mozilla:firefox:2.0:beta1
  Mozilla Firefox 2.0 Rc2 cpe:2.3:a:mozilla:firefox:2.0:rc2
  Mozilla Firefox 2.0 Rc3 cpe:2.3:a:mozilla:firefox:2.0:rc3
  Mozilla Firefox 2.0.0.1 cpe:2.3:a:mozilla:firefox:2.0.0.1
  Mozilla Firefox 2.0.0.2 cpe:2.3:a:mozilla:firefox:2.0.0.2
  Mozilla Firefox 2.0.0.3 cpe:2.3:a:mozilla:firefox:2.0.0.3
  Mozilla Firefox 2.0.0.4 cpe:2.3:a:mozilla:firefox:2.0.0.4
  Mozilla Firefox 2.0.0.5 cpe:2.3:a:mozilla:firefox:2.0.0.5
  Mozilla Firefox 2.0.0.6 cpe:2.3:a:mozilla:firefox:2.0.0.6
  Mozilla Firefox 2.0.0.7 cpe:2.3:a:mozilla:firefox:2.0.0.7
  Mozilla Firefox 2.0.0.8 cpe:2.3:a:mozilla:firefox:2.0.0.8
  Mozilla Firefox 2.0.0.9 cpe:2.3:a:mozilla:firefox:2.0.0.9
  Mozilla Firefox 2.0.0.10 cpe:2.3:a:mozilla:firefox:2.0.0.10
  Mozilla Firefox 2.0.0.11 cpe:2.3:a:mozilla:firefox:2.0.0.11
  Mozilla Firefox 2.0.0.12 cpe:2.3:a:mozilla:firefox:2.0.0.12
  Mozilla Firefox 2.0.0.13 cpe:2.3:a:mozilla:firefox:2.0.0.13
  Mozilla Firefox 2.0.0.14 cpe:2.3:a:mozilla:firefox:2.0.0.14
  Mozilla Firefox 2.0.0.15 cpe:2.3:a:mozilla:firefox:2.0.0.15
  Mozilla Firefox 2.0.0.16 cpe:2.3:a:mozilla:firefox:2.0.0.16
  Mozilla Firefox 2.0.0.17 cpe:2.3:a:mozilla:firefox:2.0.0.17
  Mozilla Firefox 2.0.0.18 cpe:2.3:a:mozilla:firefox:2.0.0.18
  Mozilla Firefox 2.0.0.19 cpe:2.3:a:mozilla:firefox:2.0.0.19
  Mozilla Firefox 2.0.0.20 cpe:2.3:a:mozilla:firefox:2.0.0.20
  Mozilla Firefox 3.0 cpe:2.3:a:mozilla:firefox:3.0
  Mozilla Firefox 3.0 Alpha cpe:2.3:a:mozilla:firefox:3.0:alpha
  Mozilla Firefox 3.0 Beta2 cpe:2.3:a:mozilla:firefox:3.0:beta2
  Mozilla Firefox 3.0 Beta5 cpe:2.3:a:mozilla:firefox:3.0:beta5
  Mozilla Firefox 3.0.1 cpe:2.3:a:mozilla:firefox:3.0.1
  Mozilla Firefox 3.0.2 cpe:2.3:a:mozilla:firefox:3.0.2
  Mozilla Firefox 3.0.3 cpe:2.3:a:mozilla:firefox:3.0.3
  Mozilla Firefox 3.0.4 cpe:2.3:a:mozilla:firefox:3.0.4
  Mozilla Seamonkey 1.1.13 and prior versions cpe:2.3:a:mozilla:seamonkey <= 1.1.13
  Mozilla Seamonkey 1.0 cpe:2.3:a:mozilla:seamonkey:1.0
  Mozilla Seamonkey 1.0 Alpha cpe:2.3:a:mozilla:seamonkey:1.0:alpha
  Mozilla Seamonkey 1.0 Beta cpe:2.3:a:mozilla:seamonkey:1.0:beta
  Mozilla Seamonkey 1.0.1 cpe:2.3:a:mozilla:seamonkey:1.0.1
  Mozilla Seamonkey 1.0.2 cpe:2.3:a:mozilla:seamonkey:1.0.2
  Mozilla Seamonkey 1.0.3 cpe:2.3:a:mozilla:seamonkey:1.0.3
  Mozilla Seamonkey 1.0.4 cpe:2.3:a:mozilla:seamonkey:1.0.4
  Mozilla Seamonkey 1.0.5 cpe:2.3:a:mozilla:seamonkey:1.0.5
  Mozilla Seamonkey 1.0.6 cpe:2.3:a:mozilla:seamonkey:1.0.6
  Mozilla Seamonkey 1.0.7 cpe:2.3:a:mozilla:seamonkey:1.0.7
  Mozilla Seamonkey 1.0.8 cpe:2.3:a:mozilla:seamonkey:1.0.8
  Mozilla Seamonkey 1.0.9 cpe:2.3:a:mozilla:seamonkey:1.0.9
  Mozilla Seamonkey 1.1 cpe:2.3:a:mozilla:seamonkey:1.1
  Mozilla Seamonkey 1.1 Alpha cpe:2.3:a:mozilla:seamonkey:1.1:alpha
  Mozilla Seamonkey 1.1 Beta cpe:2.3:a:mozilla:seamonkey:1.1:beta
  Mozilla Seamonkey 1.1.1 cpe:2.3:a:mozilla:seamonkey:1.1.1
  Mozilla Seamonkey 1.1.2 cpe:2.3:a:mozilla:seamonkey:1.1.2
  Mozilla Seamonkey 1.1.3 cpe:2.3:a:mozilla:seamonkey:1.1.3
  Mozilla Seamonkey 1.1.4 cpe:2.3:a:mozilla:seamonkey:1.1.4
  Mozilla Seamonkey 1.1.5 cpe:2.3:a:mozilla:seamonkey:1.1.5
  Mozilla Seamonkey 1.1.6 cpe:2.3:a:mozilla:seamonkey:1.1.6
  Mozilla Seamonkey 1.1.7 cpe:2.3:a:mozilla:seamonkey:1.1.7
  Mozilla Seamonkey 1.1.8 cpe:2.3:a:mozilla:seamonkey:1.1.8
  Mozilla Seamonkey 1.1.9 cpe:2.3:a:mozilla:seamonkey:1.1.9
  Mozilla Seamonkey 1.1.10 cpe:2.3:a:mozilla:seamonkey:1.1.10
  Mozilla Seamonkey 1.1.11 cpe:2.3:a:mozilla:seamonkey:1.1.11
  Mozilla Seamonkey 1.1.12 cpe:2.3:a:mozilla:seamonkey:1.1.12