CVE Vulnerabilities

CVE-2009-0355

Published: Feb 04, 2009 | Modified: Sep 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5.4 MEDIUM
AV:N/AC:H/Au:N/C:C/I:N/A:N
RedHat/V2
2.6 MODERATE
AV:N/AC:H/Au:N/C:P/I:N/A:N
RedHat/V3
Ubuntu

components/sessionstore/src/nsSessionStore.js in Mozilla Firefox before 3.0.6 does not block changes of INPUT elements to type=file during tab restoration, which allows user-assisted remote attackers to read arbitrary files on a client machine via a crafted INPUT element.

Affected Software

Name Vendor Start Version End Version
Firefox Mozilla 0.1 0.1
Firefox Mozilla 0.2 0.2
Firefox Mozilla 0.3 0.3
Firefox Mozilla 0.4 0.4
Firefox Mozilla 0.5 0.5
Firefox Mozilla 0.6 0.6
Firefox Mozilla 0.6.1 0.6.1
Firefox Mozilla 0.7 0.7
Firefox Mozilla 0.7.1 0.7.1
Firefox Mozilla 0.8 0.8
Firefox Mozilla 0.9 0.9
Firefox Mozilla 0.9 0.9
Firefox Mozilla 0.9.1 0.9.1
Firefox Mozilla 0.9.2 0.9.2
Firefox Mozilla 0.9.3 0.9.3
Firefox Mozilla 0.9_rc 0.9_rc
Firefox Mozilla 0.10 0.10
Firefox Mozilla 0.10.1 0.10.1
Firefox Mozilla 1.0 1.0
Firefox Mozilla 1.0 1.0
Firefox Mozilla 1.0.1 1.0.1
Firefox Mozilla 1.0.2 1.0.2
Firefox Mozilla 1.0.3 1.0.3
Firefox Mozilla 1.0.4 1.0.4
Firefox Mozilla 1.0.5 1.0.5
Firefox Mozilla 1.0.6 1.0.6
Firefox Mozilla 1.0.7 1.0.7
Firefox Mozilla 1.0.8 1.0.8
Firefox Mozilla 1.5 1.5
Firefox Mozilla 1.5 1.5
Firefox Mozilla 1.5 1.5
Firefox Mozilla 1.5.0.1 1.5.0.1
Firefox Mozilla 1.5.0.2 1.5.0.2
Firefox Mozilla 1.5.0.3 1.5.0.3
Firefox Mozilla 1.5.0.4 1.5.0.4
Firefox Mozilla 1.5.0.5 1.5.0.5
Firefox Mozilla 1.5.0.6 1.5.0.6
Firefox Mozilla 1.5.0.7 1.5.0.7
Firefox Mozilla 1.5.0.8 1.5.0.8
Firefox Mozilla 1.5.0.9 1.5.0.9
Firefox Mozilla 1.5.0.10 1.5.0.10
Firefox Mozilla 1.5.0.11 1.5.0.11
Firefox Mozilla 1.5.0.12 1.5.0.12
Firefox Mozilla 1.5.1 1.5.1
Firefox Mozilla 1.5.2 1.5.2
Firefox Mozilla 1.5.3 1.5.3
Firefox Mozilla 1.5.4 1.5.4
Firefox Mozilla 1.5.5 1.5.5
Firefox Mozilla 1.5.6 1.5.6
Firefox Mozilla 1.5.7 1.5.7
Firefox Mozilla 1.5.8 1.5.8
Firefox Mozilla 1.8 1.8
Firefox Mozilla 2.0 2.0
Firefox Mozilla 2.0 2.0
Firefox Mozilla 2.0 2.0
Firefox Mozilla 2.0 2.0
Firefox Mozilla 2.0 2.0
Firefox Mozilla 2.0.0.1 2.0.0.1
Firefox Mozilla 2.0.0.2 2.0.0.2
Firefox Mozilla 2.0.0.3 2.0.0.3
Firefox Mozilla 2.0.0.4 2.0.0.4
Firefox Mozilla 2.0.0.5 2.0.0.5
Firefox Mozilla 2.0.0.6 2.0.0.6
Firefox Mozilla 2.0.0.7 2.0.0.7
Firefox Mozilla 2.0.0.8 2.0.0.8
Firefox Mozilla 2.0.0.9 2.0.0.9
Firefox Mozilla 2.0.0.10 2.0.0.10
Firefox Mozilla 2.0.0.11 2.0.0.11
Firefox Mozilla 2.0.0.12 2.0.0.12
Firefox Mozilla 2.0.0.13 2.0.0.13
Firefox Mozilla 2.0.0.14 2.0.0.14
Firefox Mozilla 2.0.0.15 2.0.0.15
Firefox Mozilla 2.0.0.16 2.0.0.16
Firefox Mozilla 2.0.0.17 2.0.0.17
Firefox Mozilla 2.0.0.18 2.0.0.18
Firefox Mozilla 2.0_.1 2.0_.1
Firefox Mozilla 2.0_.4 2.0_.4
Firefox Mozilla 2.0_.5 2.0_.5
Firefox Mozilla 2.0_.6 2.0_.6
Firefox Mozilla 2.0_.7 2.0_.7
Firefox Mozilla 2.0_.9 2.0_.9
Firefox Mozilla 2.0_.10 2.0_.10
Firefox Mozilla 2.0_8 2.0_8
Firefox Mozilla 3.0 3.0
Firefox Mozilla 3.0 3.0
Firefox Mozilla 3.0 3.0
Firefox Mozilla 3.0 3.0
Firefox Mozilla 3.0.1 3.0.1
Firefox Mozilla 3.0.2 3.0.2
Firefox Mozilla 3.0.3 3.0.3
Firefox Mozilla 3.0.4 3.0.4
Firefox Mozilla * 3.0.5
Red Hat Enterprise Linux 2.1 RedHat seamonkey-0:1.0.9-0.27.el2 *
Red Hat Enterprise Linux 3 RedHat seamonkey-0:1.0.9-0.32.el3 *
Red Hat Enterprise Linux 4 RedHat firefox-0:3.0.6-1.el4 *
Red Hat Enterprise Linux 4 RedHat nss-0:3.12.2.0-3.el4 *
Red Hat Enterprise Linux 4 RedHat seamonkey-0:1.0.9-35.el4 *
Red Hat Enterprise Linux 4 RedHat thunderbird-0:1.5.0.12-19.el4 *
Red Hat Enterprise Linux 5 RedHat firefox-0:3.0.6-1.el5 *
Red Hat Enterprise Linux 5 RedHat nss-0:3.12.2.0-4.el5 *
Red Hat Enterprise Linux 5 RedHat xulrunner-0:1.9.0.6-1.el5 *
Red Hat Enterprise Linux 5 RedHat thunderbird-0:2.0.0.21-1.el5 *
Firefox Ubuntu dapper *
Firefox Ubuntu gutsy *
Firefox Ubuntu hardy *
Xulrunner Ubuntu gutsy *
Xulrunner Ubuntu hardy *
Xulrunner Ubuntu intrepid *
Xulrunner Ubuntu jaunty *
Xulrunner Ubuntu karmic *
Xulrunner-1.9 Ubuntu gutsy *
Xulrunner-1.9 Ubuntu hardy *
Xulrunner-1.9 Ubuntu intrepid *
Xulrunner-1.9 Ubuntu jaunty *

References