Security Advisory

CVE-2009-1307

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2009-04-22 18:00:00

Last updated 2024-08-07 05:04:49

Assigner redhat

State PUBLISHED

Description

The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.

← Browse all CVEs View on cve.org ↗