Back to search
CVE-2009-1840
Published: Jun 12, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check content policy before loading a script file into a XUL document, which allows remote attackers to bypass intended access restrictions via a crafted HTML document, as demonstrated by a "web bug" in an e-mail message, or web script or an advertisement in a web page.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
ADV-2009-1572
vdb-entry
x_refsource_VUPEN
35326
vdb-entry
x_refsource_BID
firefox-xul-security-bypass(51076)
vdb-entry
x_refsource_XF
http://www.mozilla.org/security/announce/2009/mfsa2009-31.html
x_refsource_CONFIRM
https://bugzilla.mozilla.org/show_bug.cgi?id=477979
x_refsource_CONFIRM
55158
vdb-entry
x_refsource_OSVDB
35440
third-party-advisory
x_refsource_SECUNIA
FEDORA-2009-6411
vendor-advisory
x_refsource_FEDORA
35431
third-party-advisory
x_refsource_SECUNIA
35331
third-party-advisory
x_refsource_SECUNIA
35468
third-party-advisory
x_refsource_SECUNIA
oval:org.mitre.oval:def:9448
vdb-entry
signature
x_refsource_OVAL
35439
third-party-advisory
x_refsource_SECUNIA
FEDORA-2009-6366
vendor-advisory
x_refsource_FEDORA
MDVSA-2009:141
vendor-advisory
x_refsource_MANDRIVA
35415
third-party-advisory
x_refsource_SECUNIA
1022379
vdb-entry
x_refsource_SECTRACK
RHSA-2009:1095
vendor-advisory
x_refsource_REDHAT
SSA:2009-167-01
vendor-advisory
x_refsource_SLACKWARE
DSA-1820
vendor-advisory
x_refsource_DEBIAN
264308
vendor-advisory
x_refsource_SUNALERT
https://bugzilla.redhat.com/show_bug.cgi?id=503582
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now