5.4

CVE-2009-1839

Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with a file: URL loaded through the location bar, which allows user-assisted remote attackers to bypass intended access restrictions and read files via a crafted HTML document, aka a "file-URL-to-file-URL scripting" attack.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version <= 3.0.10
MozillaFirefox Version3.0
MozillaFirefox Version3.0 Updatealpha
MozillaFirefox Version3.0 Updatebeta2
MozillaFirefox Version3.0 Updatebeta5
MozillaFirefox Version3.0.1
MozillaFirefox Version3.0.2
MozillaFirefox Version3.0.3
MozillaFirefox Version3.0.4
MozillaFirefox Version3.0.5
MozillaFirefox Version3.0.6
MozillaFirefox Version3.0.7
MozillaFirefox Version3.0.8
MozillaFirefox Version3.0.9
MozillaFirefox Version3.0beta5
MozillaFirefox Version3.1 Updatebeta1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.12% 0.934
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.4 4.9 6.9
AV:N/AC:H/Au:N/C:C/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
http://secunia.com/advisories/35331
Vendor Advisory
http://secunia.com/advisories/35415
http://secunia.com/advisories/35431
Vendor Advisory
http://secunia.com/advisories/35468
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468
http://www.debian.org/security/2009/dsa-1820
http://www.securityfocus.com/bid/35326
Patch
http://www.vupen.com/english/advisories/2009/1572
Patch
Vendor Advisory
https://rhn.redhat.com/errata/RHSA-2009-1095.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html
http://osvdb.org/55163
http://www.mozilla.org/security/announce/2009/mfsa2009-30.html
Vendor Advisory
http://www.securityfocus.com/bid/35386
https://bugzilla.mozilla.org/show_bug.cgi?id=479943
https://bugzilla.redhat.com/show_bug.cgi?id=503581
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9256