CVE-2009-0354 at MITRE
Details
Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site scripting (XSS) attacks, via vectors involving a chrome XBL method and the window.eval function.
Novell Bugzilla entry:
470074
SUSE Security Advisories:
| Product(s) | Fixed package version(s) | References |
|---|
| openSUSE 11.0 | MozillaFirefox-debuginfo >= 3.0.6-0.1MozillaFirefox-debugsource >= 3.0.6-0.1mozilla-xulrunner190-debuginfo >= 1.9.0.6-0.1mozilla-xulrunner190-debugsource >= 1.9.0.6-0.1
| SAT Patch Nr: 509 |
| openSUSE 11.0 | MozillaFirefox >= 3.0.6-0.1MozillaFirefox-translations >= 3.0.6-0.1mozilla-xulrunner190 >= 1.9.0.6-0.1mozilla-xulrunner190-32bit >= 1.9.0.6-0.1mozilla-xulrunner190-64bit >= 1.9.0.6-0.1mozilla-xulrunner190-devel >= 1.9.0.6-0.1mozilla-xulrunner190-gnomevfs >= 1.9.0.6-0.1mozilla-xulrunner190-gnomevfs-32bit >= 1.9.0.6-0.1mozilla-xulrunner190-gnomevfs-64bit >= 1.9.0.6-0.1mozilla-xulrunner190-translations >= 1.9.0.6-0.1mozilla-xulrunner190-translations-32bit >= 1.9.0.6-0.1mozilla-xulrunner190-translations-64bit >= 1.9.0.6-0.1
| SAT Patch Nr: 509 |
| openSUSE 11.1 | MozillaFirefox-debuginfo >= 3.0.6-0.1.2MozillaFirefox-debugsource >= 3.0.6-0.1.2mozilla-xulrunner190-debuginfo >= 1.9.0.6-0.1.1mozilla-xulrunner190-debugsource >= 1.9.0.6-0.1.1
| SAT Patch Nr: 509 |
| openSUSE 11.1 | MozillaFirefox >= 3.0.6-0.1.2MozillaFirefox-branding-upstream >= 3.0.6-0.1.2MozillaFirefox-translations >= 3.0.6-0.1.2mozilla-xulrunner190 >= 1.9.0.6-0.1.1mozilla-xulrunner190-32bit >= 1.9.0.6-0.1.1mozilla-xulrunner190-devel >= 1.9.0.6-0.1.1mozilla-xulrunner190-gnomevfs >= 1.9.0.6-0.1.1mozilla-xulrunner190-gnomevfs-32bit >= 1.9.0.6-0.1.1mozilla-xulrunner190-translations >= 1.9.0.6-0.1.1mozilla-xulrunner190-translations-32bit >= 1.9.0.6-0.1.1python-xpcom190 >= 1.9.0.6-0.1.1
| SAT Patch Nr: 509 |
