CVE-2009-1307 (retired)

Priority
Description
The view-source: URI implementation in Mozilla Firefox before 3.0.9,
Thunderbird, and SeaMonkey does not properly implement the Same Origin
Policy, which allows remote attackers to (1) bypass crossdomain.xml
restrictions and connect to arbitrary web sites via a Flash file; (2) read,
create, or modify Local Shared Objects via a Flash file; or (3) bypass
unspecified restrictions and render content via vectors involving a jar:
URI.
Notes
jdstrandCVEs in Firefox are tracked in the xulrunner source packages. The
mapping of xulrunner sources to firefox is:
xulrunner (1.8.0): firefox (1.5) - Ubuntu 6.06 LTS
xulrunner (1.8.1): firefox (2.0) - Ubuntu 6.10 - 8.04 LTS
xulrunner-1.9: firefox-3.0
xulrunner-1.9.1: firefox-3.5
Ubuntu 6.06 LTS and 10.04 LTS uses the embedded xulrunner and not
the system xulrunner-1.9.2, so it is tracked in the firefox source package.
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
More Information

Updated: 2019-10-09 07:16:02 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)