CVE Vulnerabilities

CVE-2009-3007

Published: Aug 28, 2009 | Modified: Aug 17, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

Mozilla Firefox 3.5.1 and SeaMonkey 1.1.17, and Flock 2.5.1, allow context-dependent attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary file: URL after a victim has visited any file: URL, as demonstrated by a visit to a file: document written by the attacker.

Affected Software

Name Vendor Start Version End Version
Flock Flock 2.5.1 2.5.1
Firefox Mozilla 3.5.1 3.5.1
Seamonkey Mozilla 1.1.7 1.1.7
Seamonkey Ubuntu hardy *
Seamonkey Ubuntu intrepid *
Seamonkey Ubuntu jaunty *
Seamonkey Ubuntu karmic *
Seamonkey Ubuntu lucid *
Seamonkey Ubuntu maverick *
Seamonkey Ubuntu natty *
Seamonkey Ubuntu oneiric *
Xulrunner-1.9.1 Ubuntu upstream *

References