CVE-2009-1835 – file: resources
https://notcve.org/view.php?id=CVE-2009-1835
Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate local documents with external domain names located after the file:// substring in a URL, which allows user-assisted remote attackers to read arbitrary cookies via a crafted HTML document, as demonstrated by a URL with file://example.com/C:/ at the beginning.
References:
• http://osvdb.org/55161
• http://rhn.redhat.com/errata/RHSA-2009-1096.html
• http://secunia.com/advisories/35331
• http://secunia.com/advisories/35415
• http://secunia.com/advisories/35428
• http://secunia.com/advisories/35431
• http://secunia.com/advisories/35439
• http://secunia.com/advisories/35468
• http://secunia.com/advisories/35561
• http://secunia.com/advisories/35882
• http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468
• http://slackware.com
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2009-1836 – Firefox SSL tampering via non-200 responses to proxy CONNECT requests
https://notcve.org/view.php?id=CVE-2009-1836
Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
References:
• http://osvdb.org/55160
• http://research.microsoft.com/apps/pubs/default.aspx?id=79323
• http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf
• http://secunia.com/advisories/35331
• http://secunia.com/advisories/35415
• http://secunia.com/advisories/35431
• http://secunia.com/advisories/35439
• http://secunia.com/advisories/35440
• http://secunia.com/advisories/35468
• http://secunia.com/advisories/35536
• http://secunia.com/advisories/35561
• http://secunia.com/advisories/35602
CWE-287: Improper Authentication
CVE-2009-1839 – Mozilla Firefox - Location Bar Spoofing
https://notcve.org/view.php?id=CVE-2009-1839
Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with a file: URL loaded through the location bar, which allows user-assisted remote attackers to bypass intended access restrictions and read files via a crafted HTML document, aka a "file-URL-to-file-URL scripting" attack.
References:
• https://www.exploit-db.com/exploits/10544
• http://osvdb.org/55163
• http://secunia.com/advisories/35331
• http://secunia.com/advisories/35415
• http://secunia.com/advisories/35431
• http://secunia.com/advisories/35468
• http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468
• http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
• http://www.debian.org/security/2009/dsa-1820
• http://www.mozilla.org/security/announce/2009/mfsa2009-30.htm
CWE-264: Permissions, Privileges, and Access Controls
CVE-2009-1840 – Firefox XUL scripts skip some security checks
https://notcve.org/view.php?id=CVE-2009-1840
Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check content policy before loading a script file into a XUL document, which allows remote attackers to bypass intended access restrictions via a crafted HTML document, as demonstrated by a "web bug" in an e-mail message, or web script or an advertisement in a web page.
References:
• http://osvdb.org/55158
• http://secunia.com/advisories/35331
• http://secunia.com/advisories/35415
• http://secunia.com/advisories/35431
• http://secunia.com/advisories/35439
• http://secunia.com/advisories/35440
• http://secunia.com/advisories/35468
• http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468
• http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
• http://www.debian.org/security/2009/dsa-1820
• http://www.mandriva.com/securi
CWE-264: Permissions, Privileges, and Access Controls
CVE-2009-1307 – view-source: protocol
https://notcve.org/view.php?id=CVE-2009-1307
The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.
References:
• http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
• http://rhn.redhat.com/errata/RHSA-2009-0437.html
• http://secunia.com/advisories/34758
• http://secunia.com/advisories/34780
• http://secunia.com/advisories/34843
• http://secunia.com/advisories/34844
• http://secunia.com/advisories/34894
• http://secunia.com/advisories/35042
• http://secunia.com/advisories/35065
• http://secunia.com/advisories/35536
• http://secunia.com/advisories/35561
• http://secunia.com/advisories/3
CWE-20: Improper Input Validation