CVE - CVE-2009-0357

CVE-ID
CVE-2009-0357	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1021668 URL:http://www.securitytracker.com/id?1021668 MISC:33598 URL:http://www.securityfocus.com/bid/33598 MISC:33799 URL:http://secunia.com/advisories/33799 MISC:33808 URL:http://secunia.com/advisories/33808 MISC:33809 URL:http://secunia.com/advisories/33809 MISC:33816 URL:http://secunia.com/advisories/33816 MISC:33831 URL:http://secunia.com/advisories/33831 MISC:33841 URL:http://secunia.com/advisories/33841 MISC:33846 URL:http://secunia.com/advisories/33846 MISC:33869 URL:http://secunia.com/advisories/33869 MISC:34462 URL:http://secunia.com/advisories/34462 MISC:34527 URL:http://secunia.com/advisories/34527 MISC:ADV-2009-0313 URL:~~http://www.vupen.com/english/advisories/2009/0313~~ (Obsolete source) MISC:FEDORA-2009-1399 URL:https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00240.html MISC:FEDORA-2009-3101 URL:https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html MISC:MDVSA-2009:044 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2009:044~~ (Obsolete source) MISC:RHSA-2009:0256 URL:http://rhn.redhat.com/errata/RHSA-2009-0256.html MISC:RHSA-2009:0257 URL:http://www.redhat.com/support/errata/RHSA-2009-0257.html MISC:SSA:2009-083-02 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405420 MISC:SUSE-SA:2009:009 URL:http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html MISC:USN-717-1 URL:http://www.ubuntu.com/usn/usn-717-1 MISC:USN-717-2 URL:http://www.ubuntu.com/usn/usn-717-2 MISC:http://ha.ckers.org/blog/20070511/bluehat-errata/ URL:http://ha.ckers.org/blog/20070511/bluehat-errata/ MISC:http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm URL:http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm MISC:http://www.mozilla.org/security/announce/2009/mfsa2009-05.html URL:http://www.mozilla.org/security/announce/2009/mfsa2009-05.html MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=380418 URL:https://bugzilla.mozilla.org/show_bug.cgi?id=380418 MISC:oval:org.mitre.oval:def:9459 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9459
Assigning CNA
Red Hat, Inc.
Date Record Created
20090129	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20090129)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)

Site Map | Terms of Use | Privacy Policy | Contact Us | Follow CVE

Use of the CVE® List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2024, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation.