New Search

The view-source: URI implementation in Mozilla Firefox before 3.0.9 Thunderbird and SeaMonkey does not properly implement the Same Origin Policy which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read create or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.

oval:org.mitre.oval:def:10972

The view-source: URI implementation in Mozilla Firefox before 3.0.9 Thunderbird and SeaMonkey does not properly implement the Same Origin Policy which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read create or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Red Hat Enterprise Linux 4
  • CentOS Linux 4
  • CentOS Linux 5
  • Oracle Linux 5
  • Oracle Linux 4
  • CentOS Linux 3
  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise Linux 3
Class:
vulnerability
Reference(s):
  • CVE-2009-1307
Product(s):