Lucene search
Mozilla FoundationMFSA2009-09HistoryMar 04, 2009 - 12:00 a.m.
XML data theft via RDFXMLDataSource and cross-domain redirect — Mozilla
2009-03-0400:00:00
Mozilla Foundation
www.mozilla.org
27
CVSS2
7.1
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:C/I:N/A:N
EPSS
0.007
Percentile
80.7%
Mozilla security researcher Georgi Guninski reported that a website could use nsIRDFService and a cross-domain redirect to steal arbitrary XML data from another domain, a violation of the same-origin policy. This vulnerability could be used by a malicious website to steal private data from users authenticated to the redirected website.
Affected configurations
Node
mozillafirefoxRange<3.0.7
ORmozillaseamonkeyRange<1.1.15
ORmozillathunderbirdRange<2.0.0.21
Related
veracode
veracode
Same-Origin Policy Bypass
2020-04-10 00:29:26
ubuntucve
ubuntucve
CVE-2009-0776
2009-03-04 00:00:00
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2009-09
2009-03-06 00:00:00
Mozilla Firefox / Seamonkey / Thunderbird multiple security vulnerabilities
2009-04-01 00:00:00
cve
cve
CVE-2009-0776
2009-03-05 02:30:00
prion
prion
Cross site scripting
2009-03-05 02:30:00
nvd
nvd
CVE-2009-0776
2009-03-05 02:30:00
cvelist
cvelist
CVE-2009-0776
2009-03-05 02:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-728-2)
2009-03-07 00:00:00
Ubuntu USN-728-2 (firefox)
2009-03-07 00:00:00
Ubuntu USN-728-3 (firefox)
2009-03-07 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2009-03-06 00:00:00
Firefox vulnerabilities
2009-03-06 00:00:00
Thunderbird vulnerabilities
2009-03-19 00:00:00
nessus
nessus
Ubuntu 6.06 LTS : firefox vulnerabilities (USN-728-3)
2013-03-09 00:00:00
Ubuntu 7.10 : firefox vulnerabilities (USN-728-2)
2013-03-09 00:00:00
redhat
redhat
(RHSA-2009:0325) Critical: seamonkey security update
2009-03-04 00:00:00
(RHSA-2009:0258) Moderate: thunderbird security update
2009-03-24 00:00:00
(RHSA-2009:0315) Critical: firefox security update
2009-03-04 00:00:00
oraclelinux
oraclelinux
seamonkey security update
2009-03-05 00:00:00
thunderbird security update
2009-03-24 00:00:00
firefox security update
2009-03-05 00:00:00
centos
centos
seamonkey security update
2009-03-11 03:59:33
seamonkey security update
2009-03-05 13:43:36
thunderbird security update
2009-05-19 14:34:53
osv
osv
xulrunner - several vulnerabilities
2009-03-22 00:00:00
icedove - several vulnerabilities
2009-07-12 00:00:00
debian
debian
[SECURITY] [DSA 1751-1] New xulrunner packages fix several vulnerabilities
2009-03-22 21:30:20
[SECURITY] [DSA 1830-1] New icedove packages fix several vulnerabilities
2009-07-12 11:21:02
fedora
fedora
[SECURITY] Fedora 9 Update: xulrunner-1.9.0.7-1.fc9
2009-03-08 19:36:13
[SECURITY] Fedora 9 Update: Miro-1.2.7-5.fc9
2009-03-08 19:36:13
[SECURITY] Fedora 9 Update: totem-2.23.2-12.fc9
2009-03-08 19:36:13
suse
suse
remote code execution in MozillaFirefox
2009-04-20 12:01:40
remote code execution in MozillaFirefox
2009-03-16 14:15:07
Firefox update to 31.1esr (important)
2014-09-09 18:04:16
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00
CVSS2
7.1
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:C/I:N/A:N
EPSS
0.007
Percentile
80.7%
Related for MFSA2009-09