Published: 12/06/2009 Updated: 29/09/2017

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Mozilla Firefox prior to 3.0.11, Thunderbird, and SeaMonkey do not check content policy before loading a script file into a XUL document, which allows remote malicious users to bypass intended access restrictions via a crafted HTML document, as demonstrated by a "web bug" in an e-mail message, or web script or an advertisement in a web page.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox 3.0.3
mozilla firefox 3.0.7
mozilla firefox 3.0.2
mozilla firefox
mozilla firefox 3.0.1
mozilla firefox 3.0
mozilla firefox 3.0beta5
mozilla firefox 3.0.6
mozilla firefox 3.0.4
mozilla firefox 3.0.8
mozilla firefox 3.0.9
mozilla firefox 3.1
mozilla firefox 3.0.5
mozilla thunderbird
mozilla seamonkey

Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Topic Updated firefox packages that fix several security issues are now availablefor Red Hat Enterprise Linux 4 and 5This update has been rated as having critical security impact by the RedHat Security Response Team ...

Several flaws were discovered in the browser and JavaScript engines of Firefox If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program (CVE-2009-1392, CVE-2009-1832, CVE-2009-1833, CVE-2009-1837, CVE-2009-1838 ...

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1392 Several issues in the browser engine have been discovered, which can result in the execution of arbitrary ...

Mozilla Foundation Security Advisory 2009-31 XUL scripts bypass content-policy checks Announced June 11, 2009 Reporter Wladimir Palant Impact Low Products Firefox Fixed in Firefox ...

CWE-264 http://secunia.com/advisories/35439 http://www.vupen.com/english/advisories/2009/1572 http://secunia.com/advisories/35440 https://rhn.redhat.com/errata/RHSA-2009-1095.html https://bugzilla.redhat.com/show_bug.cgi?id=503582 https://bugzilla.mozilla.org/show_bug.cgi?id=477979 http://secunia.com/advisories/35431 http://secunia.com/advisories/35331 http://www.mozilla.org/security/announce/2009/mfsa2009-31.html http://www.securityfocus.com/bid/35326 https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html http://www.securitytracker.com/id?1022379 http://osvdb.org/55158 http://www.debian.org/security/2009/dsa-1820 http://secunia.com/advisories/35468 http://www.mandriva.com/security/advisories?name=MDVSA-2009:141 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468 http://secunia.com/advisories/35415 http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/51076 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9448 https://access.redhat.com/errata/RHSA-2009:1095 https://usn.ubuntu.com/779-1/https://nvd.nist.gov

CVE-2009-1840

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect