CVE - CVE-2009-0354

CVE-ID
CVE-2009-0354	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site scripting (XSS) attacks, via vectors involving a chrome XBL method and the window.eval function.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1021664 URL:http://www.securitytracker.com/id?1021664 MISC:33598 URL:http://www.securityfocus.com/bid/33598 MISC:33799 URL:http://secunia.com/advisories/33799 MISC:33809 URL:http://secunia.com/advisories/33809 MISC:33831 URL:http://secunia.com/advisories/33831 MISC:33841 URL:http://secunia.com/advisories/33841 MISC:33846 URL:http://secunia.com/advisories/33846 MISC:33869 URL:http://secunia.com/advisories/33869 MISC:ADV-2009-0313 URL:~~http://www.vupen.com/english/advisories/2009/0313~~ (Obsolete source) MISC:FEDORA-2009-1399 URL:https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00240.html MISC:MDVSA-2009:044 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2009:044~~ (Obsolete source) MISC:RHSA-2009:0256 URL:http://rhn.redhat.com/errata/RHSA-2009-0256.html MISC:SUSE-SA:2009:009 URL:http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html MISC:USN-717-1 URL:http://www.ubuntu.com/usn/usn-717-1 MISC:http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm URL:http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm MISC:http://www.mozilla.org/security/announce/2009/mfsa2009-02.html URL:http://www.mozilla.org/security/announce/2009/mfsa2009-02.html MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=468581 URL:https://bugzilla.mozilla.org/show_bug.cgi?id=468581 MISC:oval:org.mitre.oval:def:9796 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9796
Assigning CNA
Red Hat, Inc.
Date Record Created
20090129	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20090129)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)