Published: 12/06/2009 Updated: 29/09/2017

CVSS v2 Base Score: 5.4 | Impact Score: 6.9 | Exploitability Score: 4.9

VMScore: 545

Vector: AV:N/AC:H/Au:N/C:C/I:N/A:N

Mozilla Firefox 3 prior to 3.0.11 associates an incorrect principal with a file: URL loaded through the location bar, which allows user-assisted remote malicious users to bypass intended access restrictions and read files via a crafted HTML document, aka a "file-URL-to-file-URL scripting" attack.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox 3.0.7
mozilla firefox 3.0.5
mozilla firefox 3.0.2
mozilla firefox
mozilla firefox 3.0.1
mozilla firefox 3.0
mozilla firefox 3.0.6
mozilla firefox 3.0.4
mozilla firefox 3.0.3
mozilla firefox 3.0.8
mozilla firefox 3.0.9
mozilla firefox 3.1
mozilla firefox 3.0beta5

Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Topic Updated firefox packages that fix several security issues are now availablefor Red Hat Enterprise Linux 4 and 5This update has been rated as having critical security impact by the RedHat Security Response Team ...

Several flaws were discovered in the browser and JavaScript engines of Firefox If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program (CVE-2009-1392, CVE-2009-1832, CVE-2009-1833, CVE-2009-1837, CVE-2009-1838 ...

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1392 Several issues in the browser engine have been discovered, which can result in the execution of arbitrary ...

Mozilla Foundation Security Advisory 2009-30 Incorrect principal set for file: resources loaded via location bar Announced June 11, 2009 Reporter Adam Barth, Collin Jackson Impact Moderate Products Firefox Fixed in ...

# Exploit Title: MOZILLA FIREFOX LOCATION BAR SPOOFING VULNERABILITY # Date: 2009-12-18 # Author: Jordi Chancel # Software Link: wwwmozillaorg/security/announce/2009/mfsa2009-69html # Version: Mozilla Firefox 3015 & 355 # Tested on: Windows XP-VISTA-SEVEN & LINUX BACKTRACK # CVE : cvemitreorg/cgi-bin/cvenamecgi?name= ...

CWE-264 http://www.vupen.com/english/advisories/2009/1572 https://bugzilla.mozilla.org/show_bug.cgi?id=479943 http://www.securityfocus.com/bid/35326 https://rhn.redhat.com/errata/RHSA-2009-1095.html http://www.mozilla.org/security/announce/2009/mfsa2009-30.html https://bugzilla.redhat.com/show_bug.cgi?id=503581 http://secunia.com/advisories/35331 http://secunia.com/advisories/35431 http://www.securityfocus.com/bid/35386 https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html http://osvdb.org/55163 http://www.debian.org/security/2009/dsa-1820 http://secunia.com/advisories/35468 http://secunia.com/advisories/35415 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468 http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9256 https://access.redhat.com/errata/RHSA-2009:1095 https://usn.ubuntu.com/779-1/https://nvd.nist.gov https://www.exploit-db.com/exploits/10544/

CVE-2009-1839

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect