FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2009-1835

This CVE name corresponds to:

Entered Topic
2009-06-12 mozilla -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2009-1835
Phase Assigned(20090529)

Description

Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate local documents with external domain names located after the file:// substring in a URL, which allows user-assisted remote attackers to read arbitrary cookies via a crafted HTML document, as demonstrated by a URL with file://example.com/C:/ at the beginning.

References

Source Reference
CONFIRM http://www.mozilla.org/security/announce/2009/mfsa2009-26.html
CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=491801
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=503576
DEBIAN DSA-1820
FEDORA FEDORA-2009-6366
FEDORA FEDORA-2009-6411
FEDORA FEDORA-2009-7567
FEDORA FEDORA-2009-7614
REDHAT RHSA-2009:1095
REDHAT RHSA-2009:1096
SLACKWARE SSA:2009-167-01
SLACKWARE SSA:2009-176-01
SUNALERT 265068
SUNALERT 1020800
BID 35326
BID 35391
OSVDB 55161
OVAL oval:org.mitre.oval:def:9803
SECUNIA 35331
SECUNIA 35428
SECUNIA 35431
SECUNIA 35439
SECUNIA 35468
SECUNIA 35415
SECUNIA 35561
SECUNIA 35882
VUPEN ADV-2009-1572
VUPEN ADV-2009-2152