Rapid7 Vulnerability & Exploit Database

SUSE Linux Security Vulnerability: CVE-2009-1307

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

SUSE Linux Security Vulnerability: CVE-2009-1307

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

04/22/2009

Created

07/25/2018

Added

02/17/2015

Modified

07/04/2017

Description

The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.

Solution(s)

suse-upgrade-mozilla
suse-upgrade-mozilla-devel
suse-upgrade-mozilla-dom-inspector
suse-upgrade-mozilla-irc
suse-upgrade-mozilla-mail
suse-upgrade-mozilla-venkman
suse-upgrade-mozilla-xulrunner190
suse-upgrade-mozilla-xulrunner190-32bit
suse-upgrade-mozilla-xulrunner190-64bit
suse-upgrade-mozilla-xulrunner190-devel
suse-upgrade-mozilla-xulrunner190-gnomevfs
suse-upgrade-mozilla-xulrunner190-gnomevfs-32bit
suse-upgrade-mozilla-xulrunner190-gnomevfs-64bit
suse-upgrade-mozilla-xulrunner190-translations
suse-upgrade-mozilla-xulrunner190-translations-32bit
suse-upgrade-mozilla-xulrunner190-translations-64bit
suse-upgrade-mozillafirefox
suse-upgrade-mozillafirefox-branding-upstream
suse-upgrade-mozillafirefox-translations
suse-upgrade-mozillathunderbird
suse-upgrade-mozillathunderbird-devel
suse-upgrade-mozillathunderbird-translations
suse-upgrade-python-xpcom190
suse-upgrade-seamonkey
suse-upgrade-seamonkey-dom-inspector
suse-upgrade-seamonkey-irc
suse-upgrade-seamonkey-mail
suse-upgrade-seamonkey-spellchecker
suse-upgrade-seamonkey-venkman

References

https://attackerkb.com/topics/cve-2009-1307
34656
CVE - 2009-1307
DSA-1797
DSA-1830
OVAL10972
OVAL5933
OVAL6154
OVAL6266
OVAL7008
RHSA-2009:0436
RHSA-2009:0437
RHSA-2009:1125
RHSA-2009:1126

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

SUSE Linux Security Vulnerability: CVE-2009-1307

SUSE Linux Security Vulnerability: CVE-2009-1307

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.