Home > Vulnerability Database > CVE-2009-1307

Mend.io Vulnerability Database

CVE-2009-1307

Date: April 22, 2009

The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.

Severity Score

5.6

Related Resources (42)

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2009:141

Url: http://secunia.com/advisories/35602

Url: http://www.debian.org/security/2009/dsa-1830

Url: http://www.debian.org/security/2009/dsa-1797

Url: http://www.mozilla.org/security/announce/2009/mfsa2009-17.html

Url: http://secunia.com/advisories/34758

Url: http://secunia.com/advisories/35042

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1

Url: http://secunia.com/advisories/35065

Url: http://secunia.com/advisories/35561

Url: http://secunia.com/advisories/35882

Url: https://usn.ubuntu.com/764-1/

Url: http://secunia.com/advisories/34894

Url: http://www.redhat.com/support/errata/RHSA-2009-1126.html

Url: http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.454275

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6266

Url: http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=481342

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5933

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2009-1307

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10972

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408

Url: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html

Url: http://www.vupen.com/english/advisories/2009/1125

Url: http://www.redhat.com/support/errata/RHSA-2009-0436.html

Url: http://secunia.com/advisories/35536

Url: http://secunia.com/advisories/34843

Url: http://www.redhat.com/support/errata/RHSA-2009-1125.html

Url: http://secunia.com/advisories/34844

Url: http://secunia.com/advisories/34780

Url: https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html

Url: http://www.securitytracker.com/id?1022093

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6154

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7008

Url: http://www.securityfocus.com/bid/34656

Url: http://www.ubuntu.com/usn/usn-782-1

Url: https://nvd.nist.gov/vuln/detail/CVE-2009-1307

Url: https://access.redhat.com/security/cve/CVE-2009-1307

Url: http://rhn.redhat.com/errata/RHSA-2009-0437.html

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2009:111

Url: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html

Url: https://www.mend.io/vulnerability-database/CVE-2009-1307

Severity Score

5.6

Weakness Type (CWE)

Input Validation

CWE-20

CVSS v3.1

Base Score:	5.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2009-1307

Date: April 22, 2009

Severity Score

Related Resources (42)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?