CVE-2009-0776: Infoleak

First published: Thu Mar 05 2009(Updated: )

nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Mozilla Firefox	<=3.0.6
Mozilla Firefox	=1.0
Mozilla Firefox	=1.0.1
Mozilla Firefox	=1.0.2
Mozilla Firefox	=1.0.3
Mozilla Firefox	=1.0.4
Mozilla Firefox	=1.0.5
Mozilla Firefox	=1.0.6
Mozilla Firefox	=1.0.7
Mozilla Firefox	=1.0.8
Mozilla Firefox	=1.5
Mozilla Firefox	=1.5.0.1
Mozilla Firefox	=1.5.0.2
Mozilla Firefox	=1.5.0.3
Mozilla Firefox	=1.5.0.4
Mozilla Firefox	=1.5.0.5
Mozilla Firefox	=1.5.0.6
Mozilla Firefox	=1.5.0.7
Mozilla Firefox	=1.5.0.8
Mozilla Firefox	=1.5.0.9
Mozilla Firefox	=1.5.0.10
Mozilla Firefox	=1.5.0.11
Mozilla Firefox	=1.5.0.12
Mozilla Firefox	=2.0
Mozilla Firefox	=2.0.0.1
Mozilla Firefox	=2.0.0.2
Mozilla Firefox	=2.0.0.3
Mozilla Firefox	=2.0.0.4
Mozilla Firefox	=2.0.0.5
Mozilla Firefox	=2.0.0.6
Mozilla Firefox	=2.0.0.7
Mozilla Firefox	=2.0.0.8
Mozilla Firefox	=2.0.0.9
Mozilla Firefox	=2.0.0.10
Mozilla Firefox	=2.0.0.11
Mozilla Firefox	=2.0.0.12
Mozilla Firefox	=2.0.0.13
Mozilla Firefox	=2.0.0.14
Mozilla Firefox	=2.0.0.15
Mozilla Firefox	=2.0.0.16
Mozilla Firefox	=2.0.0.17
Mozilla Firefox	=2.0.0.18
Mozilla Firefox	=2.0.0.19
Mozilla Firefox	=2.0.0.20
Mozilla Firefox	=3.0
Mozilla Firefox	=3.0.1
Mozilla Firefox	=3.0.2
Mozilla Firefox	=3.0.3
Mozilla Firefox	=3.0.4
Mozilla Firefox	=3.0.5
Mozilla SeaMonkey	<=1.1.14
Mozilla SeaMonkey	=1.0
Mozilla SeaMonkey	=1.0.1
Mozilla SeaMonkey	=1.0.2
Mozilla SeaMonkey	=1.0.3
Mozilla SeaMonkey	=1.0.5
Mozilla SeaMonkey	=1.0.6
Mozilla SeaMonkey	=1.0.7
Mozilla SeaMonkey	=1.0.8
Mozilla SeaMonkey	=1.0.9
Mozilla SeaMonkey	=1.1
Mozilla SeaMonkey	=1.1-alpha
Mozilla SeaMonkey	=1.1-beta
Mozilla SeaMonkey	=1.1.1
Mozilla SeaMonkey	=1.1.2
Mozilla SeaMonkey	=1.1.3
Mozilla SeaMonkey	=1.1.4
Mozilla SeaMonkey	=1.1.5
Mozilla SeaMonkey	=1.1.6
Mozilla SeaMonkey	=1.1.7
Mozilla SeaMonkey	=1.1.8
Mozilla SeaMonkey	=1.1.9
Mozilla SeaMonkey	=1.1.10
Mozilla SeaMonkey	=1.1.11
Mozilla SeaMonkey	=1.1.12
Mozilla SeaMonkey	=1.1.13
Mozilla Thunderbird	<=2.0.0.20
Mozilla Thunderbird	=2.0.0.0
Mozilla Thunderbird	=2.0.0.4
Mozilla Thunderbird	=2.0.0.5
Mozilla Thunderbird	=2.0.0.6
Mozilla Thunderbird	=2.0.0.9
Mozilla Thunderbird	=2.0.0.12
Mozilla Thunderbird	=2.0.0.14
Mozilla Thunderbird	=2.0.0.16
Mozilla Thunderbird	=2.0.0.17
Mozilla Thunderbird	=2.0.0.18
Mozilla Thunderbird	=2.0.0.19

Never miss a vulnerability like this again

Reference Links

agent/weakness
agent/event
agent/type
agent/references
agent/author
agent/description
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/tags
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
agent/severity
vendor/mozilla
canonical/mozilla seamonkey
version/mozilla seamonkey/1.1.10
version/mozilla seamonkey/1.0.3
canonical/mozilla firefox
version/mozilla firefox/2.0.0.12
canonical/mozilla thunderbird
version/mozilla thunderbird/2.0.0.4
version/mozilla seamonkey/1.1.8
version/mozilla seamonkey/1.0.1
version/mozilla seamonkey/1.1.7
version/mozilla thunderbird/2.0.0.6
version/mozilla seamonkey/1.0.6
version/mozilla firefox/1.5.0.6
version/mozilla seamonkey/1.0.9
version/mozilla seamonkey/1.1.14
version/mozilla seamonkey/1.1.3
version/mozilla firefox/2.0.0.2
version/mozilla firefox/1.5.0.10
version/mozilla firefox/1.5.0.3
version/mozilla seamonkey/1.0
version/mozilla firefox/1.5.0.11
version/mozilla thunderbird/2.0.0.18
version/mozilla thunderbird/2.0.0.9
version/mozilla seamonkey/1.1.5
version/mozilla seamonkey/1.0.7
version/mozilla firefox/1.0.2
version/mozilla firefox/3.0.4
version/mozilla seamonkey/1.1-alpha
version/mozilla thunderbird/2.0.0.16
version/mozilla firefox/3.0.5
version/mozilla firefox/1.5
version/mozilla firefox/1.0.4
version/mozilla firefox/2.0.0.7
version/mozilla firefox/1.0.7
version/mozilla seamonkey/1.1.12
version/mozilla seamonkey/1.1
version/mozilla firefox/2.0.0.9
version/mozilla firefox/2.0.0.16
version/mozilla thunderbird/2.0.0.20
version/mozilla firefox/2.0.0.17
version/mozilla seamonkey/1.1.2
version/mozilla firefox/2.0.0.15
version/mozilla seamonkey/1.0.2
version/mozilla seamonkey/1.0.8
version/mozilla thunderbird/2.0.0.0
version/mozilla seamonkey/1.1.11
version/mozilla firefox/1.0
version/mozilla firefox/3.0.3
version/mozilla seamonkey/1.1-beta
version/mozilla seamonkey/1.1.1
version/mozilla firefox/1.5.0.7
version/mozilla thunderbird/2.0.0.12
version/mozilla firefox/2.0
version/mozilla firefox/1.0.1
version/mozilla firefox/2.0.0.14
version/mozilla seamonkey/1.0.5
version/mozilla thunderbird/2.0.0.14
version/mozilla firefox/1.5.0.8
version/mozilla firefox/2.0.0.3
version/mozilla firefox/1.5.0.9
version/mozilla thunderbird/2.0.0.17
version/mozilla firefox/1.5.0.5
version/mozilla firefox/1.5.0.12
version/mozilla firefox/2.0.0.6
version/mozilla seamonkey/1.1.6
version/mozilla firefox/3.0
version/mozilla firefox/2.0.0.11
version/mozilla firefox/1.5.0.2
version/mozilla firefox/1.0.3
version/mozilla firefox/3.0.1
version/mozilla firefox/2.0.0.4
version/mozilla firefox/2.0.0.13
version/mozilla firefox/2.0.0.18
version/mozilla firefox/3.0.6
version/mozilla firefox/2.0.0.1
version/mozilla firefox/3.0.2
version/mozilla thunderbird/2.0.0.5
version/mozilla seamonkey/1.1.9
version/mozilla seamonkey/1.1.13
version/mozilla firefox/2.0.0.20
version/mozilla firefox/2.0.0.8
version/mozilla firefox/2.0.0.19
version/mozilla firefox/1.5.0.4
version/mozilla firefox/1.5.0.1
version/mozilla firefox/1.0.5
version/mozilla firefox/2.0.0.5
version/mozilla firefox/2.0.0.10
version/mozilla thunderbird/2.0.0.19
version/mozilla firefox/1.0.6
version/mozilla seamonkey/1.1.4
version/mozilla firefox/1.0.8

CVE-2009-0776: Infoleak

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact