CVE-2009-1840

Published: Jun 12, 2009Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check content policy before loading a script file into a XUL document, which allows remote attackers to bypass intended access restrictions via a crafted HTML document, as demonstrated by a "web bug" in an e-mail message, or web script or an advertisement in a web page.

Affected (18)

Products: Mozilla: Firefox, Seamonkey, Thunderbird

3 products

Configuration A

18 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Up to 3.0.10
Mozilla Firefox	Version 3.0.1
Mozilla Firefox	Version 3.0.2
Mozilla Firefox	Version 3.0.3
Mozilla Firefox	Version 3.0.4
Mozilla Firefox	Version 3.0.5
Mozilla Firefox	Version 3.0.6
Mozilla Firefox	Version 3.0.7
Mozilla Firefox	Version 3.0.8
Mozilla Firefox	Version 3.0.9
Mozilla Firefox	Version 3.0
Mozilla Firefox	Version 3.0 alpha
Mozilla Firefox	Version 3.0 beta2
Mozilla Firefox	Version 3.0 beta5
Mozilla Firefox	Version 3.0beta5
Mozilla Firefox	Version 3.1 beta1
Mozilla Seamonkey	All versions
Mozilla Thunderbird	All versions

Related CWEs

References (44)

http://osvdb.org/55158

Source: secalert@redhat.com

http://secunia.com/advisories/35331

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/35415

Source: secalert@redhat.com

http://secunia.com/advisories/35431

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/35439

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/35440

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/35468

Source: secalert@redhat.com

http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468

Source: secalert@redhat.com

http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1

Source: secalert@redhat.com

http://www.debian.org/security/2009/dsa-1820

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2009:141

Source: secalert@redhat.com

http://www.mozilla.org/security/announce/2009/mfsa2009-31.html

Source: secalert@redhat.com

Vendor Advisory

http://www.securityfocus.com/bid/35326

Source: secalert@redhat.com

Patch

http://www.securitytracker.com/id?1022379

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2009/1572

Source: secalert@redhat.com

PatchVendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=477979

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=503582

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/51076

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9448

Source: secalert@redhat.com

https://rhn.redhat.com/errata/RHSA-2009-1095.html

Source: secalert@redhat.com

https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html

Source: secalert@redhat.com

https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html

Source: secalert@redhat.com

http://osvdb.org/55158

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/35331

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/35415

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/35431

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/35439

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/35440

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/35468

Source: af854a3a-2127-422b-91ae-364da2661108

http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468

Source: af854a3a-2127-422b-91ae-364da2661108

http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2009/dsa-1820

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2009:141

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mozilla.org/security/announce/2009/mfsa2009-31.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/35326

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.securitytracker.com/id?1022379

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2009/1572

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=477979

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=503582

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/51076

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9448

Source: af854a3a-2127-422b-91ae-364da2661108

https://rhn.redhat.com/errata/RHSA-2009-1095.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.