CVE Vulnerabilities

CVE-2009-1840

Published: Jun 12, 2009 | Modified: Sep 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
9.3 HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check content policy before loading a script file into a XUL document, which allows remote attackers to bypass intended access restrictions via a crafted HTML document, as demonstrated by a web bug in an e-mail message, or web script or an advertisement in a web page.

Affected Software

Name Vendor Start Version End Version
Seamonkey Mozilla * *
Firefox Mozilla 3.0.7 3.0.7
Firefox Mozilla 3.1 3.1
Firefox Mozilla 3.0.9 3.0.9
Firefox Mozilla 3.0.8 3.0.8
Firefox Mozilla 3.0.4 3.0.4
Firefox Mozilla 3.0.5 3.0.5
Firefox Mozilla 3.0 3.0
Thunderbird Mozilla * *
Firefox Mozilla 3.0.3 3.0.3
Firefox Mozilla * 3.0.10
Firefox Mozilla 3.0.6 3.0.6
Firefox Mozilla 3.0 3.0
Firefox Mozilla 3.0.1 3.0.1
Firefox Mozilla 3.0.2 3.0.2
Firefox Mozilla 3.0beta5 3.0beta5
Firefox Mozilla 3.0 3.0
Firefox Mozilla 3.0 3.0

References