VYPR
← All advisories
Unrated severityNVD Advisory· Published Apr 22, 2009· Updated Apr 23, 2026

CVE-2009-1307

CVE-2009-1307

Description

The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.

Affected products

94
  • Mozilla Corporation/Firefox92 versions
    cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*+ 91 more
    • cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*range: <=3.0.8
    • cpe:2.3:a:mozilla:firefox:0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.9_rc:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0.6:*:linux:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.8:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0.0.15:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0.0.16:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0.0.17:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0.0.18:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0.0.19:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0.0.20:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0.0.21:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0:beta_1:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0:beta1:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0:rc3:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.0:alpha:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.0:beta5:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.0beta5:*:*:*:*:*:*:*
  • Mozilla Corporation/Seamonkey
    cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
  • Mozilla Corporation/Thunderbird
    cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

38

News mentions

0

No linked articles in our index yet.