CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
88.7%
The view-source: URI implementation in Mozilla Firefox before 3.0.9,
Thunderbird, and SeaMonkey does not properly implement the Same Origin
Policy, which allows remote attackers to (1) bypass crossdomain.xml
restrictions and connect to arbitrary web sites via a Flash file; (2) read,
create, or modify Local Shared Objects via a Flash file; or (3) bypass
unspecified restrictions and render content via vectors involving a jar:
URI.
Author | Note |
---|---|
jdstrand | CVEs in Firefox are tracked in the xulrunner source packages. The mapping of xulrunner sources to firefox is: xulrunner (1.8.0): firefox (1.5) - Ubuntu 6.06 LTS xulrunner (1.8.1): firefox (2.0) - Ubuntu 6.10 - 8.04 LTS xulrunner-1.9: firefox-3.0 xulrunner-1.9.1: firefox-3.5 Ubuntu 6.06 LTS and 10.04 LTS uses the embedded xulrunner and not the system xulrunner-1.9.2, so it is tracked in the firefox source package. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 8.04 | noarch | seamonkey | < 1.1.17+nobinonly-0ubuntu0.8.04.1 | UNKNOWN |
ubuntu | 8.10 | noarch | seamonkey | < 1.1.17+nobinonly-0ubuntu0.8.10.1 | UNKNOWN |
ubuntu | 9.04 | noarch | seamonkey | < 1.1.17+nobinonly-0ubuntu0.9.04.1 | UNKNOWN |
ubuntu | 9.10 | noarch | seamonkey | < 1.1.17+nobinonly-0ubuntu1 | UNKNOWN |
ubuntu | 10.04 | noarch | seamonkey | < 1.1.17+nobinonly-0ubuntu1 | UNKNOWN |
ubuntu | 10.10 | noarch | seamonkey | < 1.1.17+nobinonly-0ubuntu1 | UNKNOWN |
ubuntu | 11.04 | noarch | seamonkey | < 1.1.17+nobinonly-0ubuntu1 | UNKNOWN |
ubuntu | 11.10 | noarch | seamonkey | < 1.1.17+nobinonly-0ubuntu1 | UNKNOWN |
ubuntu | 8.04 | noarch | thunderbird | < 2.0.0.22+build1+nobinonly-0ubuntu0.8.04.1 | UNKNOWN |
ubuntu | 8.10 | noarch | thunderbird | < 2.0.0.22+build1+nobinonly-0ubuntu0.8.10.1 | UNKNOWN |