CVE - CVE-2009-1835

CVE-ID
CVE-2009-1835	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate local documents with external domain names located after the file:// substring in a URL, which allows user-assisted remote attackers to read arbitrary cookies via a crafted HTML document, as demonstrated by a URL with file://example.com/C:/ at the beginning.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1020800 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020800.1-1~~ (Obsolete source) MISC:265068 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-265068-1~~ (Obsolete source) MISC:35326 URL:http://www.securityfocus.com/bid/35326 MISC:35331 URL:http://secunia.com/advisories/35331 MISC:35391 URL:http://www.securityfocus.com/bid/35391 MISC:35415 URL:http://secunia.com/advisories/35415 MISC:35428 URL:http://secunia.com/advisories/35428 MISC:35431 URL:http://secunia.com/advisories/35431 MISC:35439 URL:http://secunia.com/advisories/35439 MISC:35468 URL:http://secunia.com/advisories/35468 MISC:35561 URL:http://secunia.com/advisories/35561 MISC:35882 URL:http://secunia.com/advisories/35882 MISC:55161 URL:~~http://osvdb.org/55161~~ (Obsolete source) MISC:ADV-2009-1572 URL:~~http://www.vupen.com/english/advisories/2009/1572~~ (Obsolete source) MISC:ADV-2009-2152 URL:~~http://www.vupen.com/english/advisories/2009/2152~~ (Obsolete source) MISC:DSA-1820 URL:http://www.debian.org/security/2009/dsa-1820 MISC:FEDORA-2009-6366 URL:https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html MISC:FEDORA-2009-6411 URL:https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html MISC:FEDORA-2009-7567 URL:https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html MISC:FEDORA-2009-7614 URL:https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html MISC:RHSA-2009:1095 URL:https://rhn.redhat.com/errata/RHSA-2009-1095.html MISC:RHSA-2009:1096 URL:http://rhn.redhat.com/errata/RHSA-2009-1096.html MISC:SSA:2009-167-01 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468 MISC:SSA:2009-176-01 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408 MISC:http://www.mozilla.org/security/announce/2009/mfsa2009-26.html URL:http://www.mozilla.org/security/announce/2009/mfsa2009-26.html MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=491801 URL:https://bugzilla.mozilla.org/show_bug.cgi?id=491801 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=503576 URL:https://bugzilla.redhat.com/show_bug.cgi?id=503576 MISC:oval:org.mitre.oval:def:9803 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9803
Assigning CNA
Red Hat, Inc.
Date Record Created
20090529	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20090529)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)