CVE-2009-0355 at MITRE
Details
components/sessionstore/src/nsSessionStore.js in Mozilla Firefox before 3.0.6 does not block changes of INPUT elements to type="file" during tab restoration, which allows user-assisted remote attackers to read arbitrary files on a client machine via a crafted INPUT element.
Novell Bugzilla entry:
470074
SUSE Security Advisories:
| Product(s) | Fixed package version(s) | References |
|---|
| openSUSE 11.0 | MozillaFirefox-debuginfo >= 3.0.6-0.1MozillaFirefox-debugsource >= 3.0.6-0.1mozilla-xulrunner190-debuginfo >= 1.9.0.6-0.1mozilla-xulrunner190-debugsource >= 1.9.0.6-0.1
| SAT Patch Nr: 509 |
| openSUSE 11.0 | MozillaFirefox >= 3.0.6-0.1MozillaFirefox-translations >= 3.0.6-0.1mozilla-xulrunner190 >= 1.9.0.6-0.1mozilla-xulrunner190-32bit >= 1.9.0.6-0.1mozilla-xulrunner190-64bit >= 1.9.0.6-0.1mozilla-xulrunner190-devel >= 1.9.0.6-0.1mozilla-xulrunner190-gnomevfs >= 1.9.0.6-0.1mozilla-xulrunner190-gnomevfs-32bit >= 1.9.0.6-0.1mozilla-xulrunner190-gnomevfs-64bit >= 1.9.0.6-0.1mozilla-xulrunner190-translations >= 1.9.0.6-0.1mozilla-xulrunner190-translations-32bit >= 1.9.0.6-0.1mozilla-xulrunner190-translations-64bit >= 1.9.0.6-0.1
| SAT Patch Nr: 509 |
| openSUSE 11.1 | MozillaFirefox-debuginfo >= 3.0.6-0.1.2MozillaFirefox-debugsource >= 3.0.6-0.1.2mozilla-xulrunner190-debuginfo >= 1.9.0.6-0.1.1mozilla-xulrunner190-debugsource >= 1.9.0.6-0.1.1
| SAT Patch Nr: 509 |
| openSUSE 11.1 | MozillaFirefox >= 3.0.6-0.1.2MozillaFirefox-branding-upstream >= 3.0.6-0.1.2MozillaFirefox-translations >= 3.0.6-0.1.2mozilla-xulrunner190 >= 1.9.0.6-0.1.1mozilla-xulrunner190-32bit >= 1.9.0.6-0.1.1mozilla-xulrunner190-devel >= 1.9.0.6-0.1.1mozilla-xulrunner190-gnomevfs >= 1.9.0.6-0.1.1mozilla-xulrunner190-gnomevfs-32bit >= 1.9.0.6-0.1.1mozilla-xulrunner190-translations >= 1.9.0.6-0.1.1mozilla-xulrunner190-translations-32bit >= 1.9.0.6-0.1.1python-xpcom190 >= 1.9.0.6-0.1.1
| SAT Patch Nr: 509 |
