CVE-2009-0356

Published: 04/02/2009 Updated: 07/11/2023
CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9
VMScore: 454
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Summary

Mozilla Firefox prior to 3.0.6 and SeaMonkey do not block links to the (1) about:plugins and (2) about:config URIs from .desktop files, which allows user-assisted remote malicious users to bypass the Same Origin Policy and execute arbitrary code with chrome privileges via vectors involving the URL field in a Desktop Entry section of a .desktop file, related to representation of about: URIs as jar:file:// URIs. NOTE: this issue exists because of an incomplete fix for CVE-2008-4582.

Vulnerable Product

mozilla firefox 0.1

mozilla firefox 0.9_rc

mozilla firefox 0.8

mozilla firefox 2.0.0.12

mozilla firefox 1.5

mozilla firefox 2.0_.7

mozilla firefox 1.5.2

mozilla firefox 1.5.0.6

mozilla firefox 1.8

mozilla firefox 2.0.0.2

mozilla firefox 1.5.0.10

mozilla firefox 1.5.0.3

mozilla firefox

mozilla firefox 1.5.0.11

mozilla firefox 1.5.4

mozilla firefox 1.0.2

mozilla firefox 3.0.4

mozilla firefox 2.0_8

mozilla firefox 2.0_.9

mozilla firefox 0.9.1

mozilla firefox 1.0.4

mozilla firefox 2.0.0.7

mozilla firefox 1.0.7

mozilla firefox 2.0.0.9

mozilla firefox 0.10.1

mozilla firefox 2.0_.1

mozilla firefox 0.9

mozilla firefox 2.0.0.16

mozilla firefox 3.0

mozilla firefox 1.5.6

mozilla firefox 2.0.0.17

mozilla firefox 0.7

mozilla firefox 2.0.0.15

mozilla firefox 0.2

mozilla firefox 0.3

mozilla firefox 2.0_.10

mozilla firefox 1.0

mozilla firefox 3.0.3

mozilla firefox 1.5.0.7

mozilla firefox 2.0

mozilla firefox 1.0.1

mozilla firefox 2.0.0.14

mozilla firefox 0.6

mozilla firefox 0.7.1

mozilla firefox 1.5.0.8

mozilla firefox 2.0_.5

mozilla firefox 2.0.0.3

mozilla firefox 1.5.0.9

mozilla firefox 1.5.0.5

mozilla firefox 1.5.7

mozilla firefox 1.5.0.12

mozilla firefox 2.0.0.6

mozilla firefox 2.0.0.11

mozilla firefox 1.5.0.2

mozilla firefox 1.0.3

mozilla firefox 3.0.1

mozilla firefox 2.0.0.4

mozilla firefox 0.5

mozilla firefox 0.6.1

mozilla firefox 1.5.1

mozilla firefox 0.9.3

mozilla firefox 2.0.0.13

mozilla firefox 2.0.0.18

mozilla firefox 2.0.0.1

mozilla firefox 3.0.2

mozilla firefox 2.0_.6

mozilla firefox 2.0_.4

mozilla firefox 1.5.5

mozilla firefox 0.9.2

mozilla firefox 2.0.0.8

mozilla firefox 1.5.8

mozilla firefox 1.5.3

mozilla firefox 0.4

mozilla firefox 1.5.0.4

mozilla firefox 1.5.0.1

mozilla firefox 0.10

mozilla firefox 1.0.5

mozilla firefox 2.0.0.5

mozilla firefox 2.0.0.10

mozilla firefox 1.0.6

mozilla firefox 1.0.8

Vendor Advisories

Synopsis: Critical: firefox security update. Type/Severity: Security Advisory: Critical. Topic: An updated firefox package that fixes various security issues is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team ...

Mozilla Foundation Security Advisory 2009-04: Chrome privilege escalation via local desktop files. Announced: February 3, 2009. Reporter: Georgi Guninski. Impact: Moderate. Products: Firefox. Fixed in ...