CVE - CVE-2009-0356

CVE-ID
CVE-2009-0356	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Mozilla Firefox before 3.0.6 and SeaMonkey do not block links to the (1) about:plugins and (2) about:config URIs from .desktop files, which allows user-assisted remote attackers to bypass the Same Origin Policy and execute arbitrary code with chrome privileges via vectors involving the URL field in a Desktop Entry section of a .desktop file, related to representation of about: URIs as jar:file:// URIs. NOTE: this issue exists because of an incomplete fix for CVE-2008-4582.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1021666 URL:http://www.securitytracker.com/id?1021666 MISC:33598 URL:http://www.securityfocus.com/bid/33598 MISC:33799 URL:http://secunia.com/advisories/33799 MISC:33809 URL:http://secunia.com/advisories/33809 MISC:33831 URL:http://secunia.com/advisories/33831 MISC:33841 URL:http://secunia.com/advisories/33841 MISC:33846 URL:http://secunia.com/advisories/33846 MISC:ADV-2009-0313 URL:~~http://www.vupen.com/english/advisories/2009/0313~~ (Obsolete source) MISC:FEDORA-2009-1399 URL:https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00240.html MISC:MDVSA-2009:044 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2009:044~~ (Obsolete source) MISC:RHSA-2009:0256 URL:http://rhn.redhat.com/errata/RHSA-2009-0256.html MISC:SUSE-SA:2009:009 URL:http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html MISC:http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm URL:http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm MISC:http://www.mozilla.org/security/announce/2009/mfsa2009-04.html URL:http://www.mozilla.org/security/announce/2009/mfsa2009-04.html MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=460425 URL:https://bugzilla.mozilla.org/show_bug.cgi?id=460425 MISC:oval:org.mitre.oval:def:9922 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9922
Assigning CNA
Red Hat, Inc.
Date Record Created
20090129	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20090129)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)