9.3

CVE-2009-1840

Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check content policy before loading a script file into a XUL document, which allows remote attackers to bypass intended access restrictions via a crafted HTML document, as demonstrated by a "web bug" in an e-mail message, or web script or an advertisement in a web page.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version <= 3.0.10
MozillaFirefox Version3.0
MozillaFirefox Version3.0 Updatealpha
MozillaFirefox Version3.0 Updatebeta2
MozillaFirefox Version3.0 Updatebeta5
MozillaFirefox Version3.0.1
MozillaFirefox Version3.0.2
MozillaFirefox Version3.0.3
MozillaFirefox Version3.0.4
MozillaFirefox Version3.0.5
MozillaFirefox Version3.0.6
MozillaFirefox Version3.0.7
MozillaFirefox Version3.0.8
MozillaFirefox Version3.0.9
MozillaFirefox Version3.0beta5
MozillaFirefox Version3.1 Updatebeta1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.22% 0.804
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
http://www.mandriva.com/security/advisories?name=MDVSA-2009:141
http://secunia.com/advisories/35331
Vendor Advisory
http://secunia.com/advisories/35415
http://secunia.com/advisories/35431
Vendor Advisory
http://secunia.com/advisories/35439
Vendor Advisory
http://secunia.com/advisories/35440
Vendor Advisory
http://secunia.com/advisories/35468
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468
http://www.debian.org/security/2009/dsa-1820
http://www.securityfocus.com/bid/35326
Patch
http://www.vupen.com/english/advisories/2009/1572
Patch
Vendor Advisory
https://rhn.redhat.com/errata/RHSA-2009-1095.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html
http://osvdb.org/55158
http://www.mozilla.org/security/announce/2009/mfsa2009-31.html
Vendor Advisory
http://www.securitytracker.com/id?1022379
https://bugzilla.mozilla.org/show_bug.cgi?id=477979
https://bugzilla.redhat.com/show_bug.cgi?id=503582
https://exchange.xforce.ibmcloud.com/vulnerabilities/51076
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9448