QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2009-0355

Back to search

CVE-2009-0355

Published: Feb 4, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

components/sessionstore/src/nsSessionStore.js in Mozilla Firefox before 3.0.6 does not block changes of INPUT elements to type="file" during tab restoration, which allows user-assisted remote attackers to read arbitrary files on a client machine via a crafted INPUT element.

VendorProductVersions

n/a

n/a

affected
n/a

References

33808
third-party-advisory
x_refsource_SECUNIA
ADV-2009-0313
vdb-entry
x_refsource_VUPEN
SUSE-SA:2009:009
vendor-advisory
x_refsource_SUSE
33809
third-party-advisory
x_refsource_SECUNIA
MDVSA-2009:044
vendor-advisory
x_refsource_MANDRIVA
RHSA-2009:0256
vendor-advisory
x_refsource_REDHAT
33831
third-party-advisory
x_refsource_SECUNIA
oval:org.mitre.oval:def:9161
vdb-entry
signature
x_refsource_OVAL
USN-717-2
vendor-advisory
x_refsource_UBUNTU
RHSA-2009:0258
vendor-advisory
x_refsource_REDHAT
34417
third-party-advisory
x_refsource_SECUNIA
33841
third-party-advisory
x_refsource_SECUNIA
33816
third-party-advisory
x_refsource_SECUNIA
33846
third-party-advisory
x_refsource_SECUNIA
33799
third-party-advisory
x_refsource_SECUNIA
FEDORA-2009-2882
vendor-advisory
x_refsource_FEDORA
RHSA-2009:0257
vendor-advisory
x_refsource_REDHAT
FEDORA-2009-2884
vendor-advisory
x_refsource_FEDORA
33598
vdb-entry
x_refsource_BID
FEDORA-2009-1399
vendor-advisory
x_refsource_FEDORA
34324
third-party-advisory
x_refsource_SECUNIA
33869
third-party-advisory
x_refsource_SECUNIA
USN-717-1
vendor-advisory
x_refsource_UBUNTU
1021665
vdb-entry
x_refsource_SECTRACK

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now