CVE-2009-1307

CVSS v2.0 6.8 (Medium)

EPSS 1.94 % (89^th)

Affected Products 3

Advisories 9

The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.

Weaknesses

CWE-20: Improper Input Validation

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2009-04-22 18:30:00
(15 years ago)
Updated Date: 2018-10-03 21:59:49
(6 years ago)

Affected Products

Mozilla

Configuration #1

	CPE23	Up To
Mozilla Firefox 3.0.8 and prior versions	cpe:2.3:a:mozilla:firefox	<= 3.0.8
Mozilla Firefox 0.1	cpe:2.3:a:mozilla:firefox:0.1
Mozilla Firefox 0.2	cpe:2.3:a:mozilla:firefox:0.2
Mozilla Firefox 0.3	cpe:2.3:a:mozilla:firefox:0.3
Mozilla Firefox 0.4	cpe:2.3:a:mozilla:firefox:0.4
Mozilla Firefox 0.5	cpe:2.3:a:mozilla:firefox:0.5
Mozilla Firefox 0.6	cpe:2.3:a:mozilla:firefox:0.6
Mozilla Firefox 0.6.1	cpe:2.3:a:mozilla:firefox:0.6.1
Mozilla Firefox 0.7	cpe:2.3:a:mozilla:firefox:0.7
Mozilla Firefox 0.7.1	cpe:2.3:a:mozilla:firefox:0.7.1
Mozilla Firefox 0.8	cpe:2.3:a:mozilla:firefox:0.8
Mozilla Firefox 0.9	cpe:2.3:a:mozilla:firefox:0.9
Mozilla Firefox 0.9 Rc	cpe:2.3:a:mozilla:firefox:0.9:rc
Mozilla Firefox 0.9.1	cpe:2.3:a:mozilla:firefox:0.9.1
Mozilla Firefox 0.9.2	cpe:2.3:a:mozilla:firefox:0.9.2
Mozilla Firefox 0.9.3	cpe:2.3:a:mozilla:firefox:0.9.3
Mozilla Firefox 0.9 Rc	cpe:2.3:a:mozilla:firefox:0.9_rc
Mozilla Firefox 0.10	cpe:2.3:a:mozilla:firefox:0.10
Mozilla Firefox 0.10.1	cpe:2.3:a:mozilla:firefox:0.10.1
Mozilla Firefox 1.0	cpe:2.3:a:mozilla:firefox:1.0
Mozilla Firefox 1.0 Preview Release	cpe:2.3:a:mozilla:firefox:1.0:preview_release
Mozilla Firefox 1.0.1	cpe:2.3:a:mozilla:firefox:1.0.1
Mozilla Firefox 1.0.2	cpe:2.3:a:mozilla:firefox:1.0.2
Mozilla Firefox 1.0.3	cpe:2.3:a:mozilla:firefox:1.0.3
Mozilla Firefox 1.0.4	cpe:2.3:a:mozilla:firefox:1.0.4
Mozilla Firefox 1.0.5	cpe:2.3:a:mozilla:firefox:1.0.5
Mozilla Firefox 1.0.6	cpe:2.3:a:mozilla:firefox:1.0.6
Mozilla Firefox 1.0.6 Linux Edition	cpe:2.3:a:mozilla:firefox:1.0.6:*:linux
Mozilla Firefox 1.0.7	cpe:2.3:a:mozilla:firefox:1.0.7
Mozilla Firefox 1.0.8	cpe:2.3:a:mozilla:firefox:1.0.8
Mozilla Firefox 1.5	cpe:2.3:a:mozilla:firefox:1.5
Mozilla Firefox 1.5 Beta1	cpe:2.3:a:mozilla:firefox:1.5:beta1
Mozilla Firefox 1.5 Beta2	cpe:2.3:a:mozilla:firefox:1.5:beta2
Mozilla Firefox 1.5.0.1	cpe:2.3:a:mozilla:firefox:1.5.0.1
Mozilla Firefox 1.5.0.2	cpe:2.3:a:mozilla:firefox:1.5.0.2
Mozilla Firefox 1.5.0.3	cpe:2.3:a:mozilla:firefox:1.5.0.3
Mozilla Firefox 1.5.0.4	cpe:2.3:a:mozilla:firefox:1.5.0.4
Mozilla Firefox 1.5.0.5	cpe:2.3:a:mozilla:firefox:1.5.0.5
Mozilla Firefox 1.5.0.6	cpe:2.3:a:mozilla:firefox:1.5.0.6
Mozilla Firefox 1.5.0.7	cpe:2.3:a:mozilla:firefox:1.5.0.7
Mozilla Firefox 1.5.0.8	cpe:2.3:a:mozilla:firefox:1.5.0.8
Mozilla Firefox 1.5.0.9	cpe:2.3:a:mozilla:firefox:1.5.0.9
Mozilla Firefox 1.5.0.10	cpe:2.3:a:mozilla:firefox:1.5.0.10
Mozilla Firefox 1.5.0.11	cpe:2.3:a:mozilla:firefox:1.5.0.11
Mozilla Firefox 1.5.0.12	cpe:2.3:a:mozilla:firefox:1.5.0.12
Mozilla Firefox 1.5.1	cpe:2.3:a:mozilla:firefox:1.5.1
Mozilla Firefox 1.5.2	cpe:2.3:a:mozilla:firefox:1.5.2
Mozilla Firefox 1.5.3	cpe:2.3:a:mozilla:firefox:1.5.3
Mozilla Firefox 1.5.4	cpe:2.3:a:mozilla:firefox:1.5.4
Mozilla Firefox 1.5.5	cpe:2.3:a:mozilla:firefox:1.5.5
Mozilla Firefox 1.5.6	cpe:2.3:a:mozilla:firefox:1.5.6
Mozilla Firefox 1.5.7	cpe:2.3:a:mozilla:firefox:1.5.7
Mozilla Firefox 1.5.8	cpe:2.3:a:mozilla:firefox:1.5.8
Mozilla Firefox 1.8	cpe:2.3:a:mozilla:firefox:1.8
Mozilla Firefox 2.0	cpe:2.3:a:mozilla:firefox:2.0
Mozilla Firefox 2.0 Beta 1	cpe:2.3:a:mozilla:firefox:2.0:beta_1
Mozilla Firefox 2.0 Beta1	cpe:2.3:a:mozilla:firefox:2.0:beta1
Mozilla Firefox 2.0 Rc2	cpe:2.3:a:mozilla:firefox:2.0:rc2
Mozilla Firefox 2.0 Rc3	cpe:2.3:a:mozilla:firefox:2.0:rc3
Mozilla Firefox 2.0.0.1	cpe:2.3:a:mozilla:firefox:2.0.0.1
Mozilla Firefox 2.0.0.2	cpe:2.3:a:mozilla:firefox:2.0.0.2
Mozilla Firefox 2.0.0.3	cpe:2.3:a:mozilla:firefox:2.0.0.3
Mozilla Firefox 2.0.0.4	cpe:2.3:a:mozilla:firefox:2.0.0.4
Mozilla Firefox 2.0.0.5	cpe:2.3:a:mozilla:firefox:2.0.0.5
Mozilla Firefox 2.0.0.6	cpe:2.3:a:mozilla:firefox:2.0.0.6
Mozilla Firefox 2.0.0.7	cpe:2.3:a:mozilla:firefox:2.0.0.7
Mozilla Firefox 2.0.0.8	cpe:2.3:a:mozilla:firefox:2.0.0.8
Mozilla Firefox 2.0.0.9	cpe:2.3:a:mozilla:firefox:2.0.0.9
Mozilla Firefox 2.0.0.10	cpe:2.3:a:mozilla:firefox:2.0.0.10
Mozilla Firefox 2.0.0.11	cpe:2.3:a:mozilla:firefox:2.0.0.11
Mozilla Firefox 2.0.0.12	cpe:2.3:a:mozilla:firefox:2.0.0.12
Mozilla Firefox 2.0.0.13	cpe:2.3:a:mozilla:firefox:2.0.0.13
Mozilla Firefox 2.0.0.14	cpe:2.3:a:mozilla:firefox:2.0.0.14
Mozilla Firefox 2.0.0.15	cpe:2.3:a:mozilla:firefox:2.0.0.15
Mozilla Firefox 2.0.0.16	cpe:2.3:a:mozilla:firefox:2.0.0.16
Mozilla Firefox 2.0.0.17	cpe:2.3:a:mozilla:firefox:2.0.0.17
Mozilla Firefox 2.0.0.18	cpe:2.3:a:mozilla:firefox:2.0.0.18
Mozilla Firefox 2.0.0.19	cpe:2.3:a:mozilla:firefox:2.0.0.19
Mozilla Firefox 2.0.0.20	cpe:2.3:a:mozilla:firefox:2.0.0.20
Mozilla Firefox 2.0.0.21	cpe:2.3:a:mozilla:firefox:2.0.0.21
Mozilla Firefox 3.0	cpe:2.3:a:mozilla:firefox:3.0
Mozilla Firefox 3.0 Alpha	cpe:2.3:a:mozilla:firefox:3.0:alpha
Mozilla Firefox 3.0 Beta2	cpe:2.3:a:mozilla:firefox:3.0:beta2
Mozilla Firefox 3.0 Beta5	cpe:2.3:a:mozilla:firefox:3.0:beta5
Mozilla Firefox 3.0.1	cpe:2.3:a:mozilla:firefox:3.0.1
Mozilla Firefox 3.0.2	cpe:2.3:a:mozilla:firefox:3.0.2
Mozilla Firefox 3.0.3	cpe:2.3:a:mozilla:firefox:3.0.3
Mozilla Firefox 3.0.4	cpe:2.3:a:mozilla:firefox:3.0.4
Mozilla Firefox 3.0.5	cpe:2.3:a:mozilla:firefox:3.0.5
Mozilla Firefox 3.0.6	cpe:2.3:a:mozilla:firefox:3.0.6
Mozilla Firefox 3.0.7	cpe:2.3:a:mozilla:firefox:3.0.7
Mozilla Firefox 3.0beta5	cpe:2.3:a:mozilla:firefox:3.0beta5
Mozilla Seamonkey	cpe:2.3:a:mozilla:seamonkey
Mozilla Thunderbird	cpe:2.3:a:mozilla:thunderbird