CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
97.5%
Mozilla Foundation reports:
MFSA 2009-06: Directives to not cache pages ignored
MFSA 2009-05: XMLHttpRequest allows reading HTTPOnly cookies
MFSA 2009-04: Chrome privilege escalation via local .desktop
files
MFSA 2009-03: Local file stealing with SessionStore
MFSA 2009-02: XSS using a chrome XBL method and window.eval
MFSA 2009-01: Crashes with evidence of memory corruption (rv:1.9.0.6)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | firefox | < 2.0.0.20_3,1 | UNKNOWN |
FreeBSD | any | noarch | linux-firefox | < 3.0.6 | UNKNOWN |
FreeBSD | any | noarch | linux-firefox-devel | < 3.0.6 | UNKNOWN |
FreeBSD | any | noarch | seamonkey | < 1.1.15 | UNKNOWN |
FreeBSD | any | noarch | linux-seamonkey | < 1.1.15 | UNKNOWN |
FreeBSD | any | noarch | thunderbird | < 2.0.0.21 | UNKNOWN |
FreeBSD | any | noarch | linux-thunderbird | < 2.0.0.21 | UNKNOWN |
secunia.com/advisories/33799/
www.mozilla.org/security/announce/2009/mfsa2009-01.html
www.mozilla.org/security/announce/2009/mfsa2009-02.html
www.mozilla.org/security/announce/2009/mfsa2009-03.html
www.mozilla.org/security/announce/2009/mfsa2009-04.html
www.mozilla.org/security/announce/2009/mfsa2009-05.html
www.mozilla.org/security/announce/2009/mfsa2009-06.html