Novell Home

CVE-2009-1307

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

CVE-2009-1307 at MITRE

Details

The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.
Novell Bugzilla entry: 495473,515951

SUSE Security Advisories:

Product(s) Fixed package version(s) References
openSUSE 11.0
  • mozilla-xulrunner190-debuginfo >= 1.9.0.9-0.1
  • mozilla-xulrunner190-debugsource >= 1.9.0.9-0.1
 SAT Patch Nr: 832
openSUSE 11.0
  • mozilla-xulrunner190 >= 1.9.0.9-0.1
  • mozilla-xulrunner190-32bit >= 1.9.0.9-0.1
  • mozilla-xulrunner190-64bit >= 1.9.0.9-0.1
  • mozilla-xulrunner190-devel >= 1.9.0.9-0.1
  • mozilla-xulrunner190-gnomevfs >= 1.9.0.9-0.1
  • mozilla-xulrunner190-gnomevfs-32bit >= 1.9.0.9-0.1
  • mozilla-xulrunner190-gnomevfs-64bit >= 1.9.0.9-0.1
  • mozilla-xulrunner190-translations >= 1.9.0.9-0.1
  • mozilla-xulrunner190-translations-32bit >= 1.9.0.9-0.1
  • mozilla-xulrunner190-translations-64bit >= 1.9.0.9-0.1
 SAT Patch Nr: 832
openSUSE 11.1
  • mozilla-xulrunner190-debuginfo >= 1.9.0.9-0.1.1
  • mozilla-xulrunner190-debuginfo-32bit >= 1.9.0.9-0.1.1
  • mozilla-xulrunner190-debugsource >= 1.9.0.9-0.1.1
 SAT Patch Nr: 832
openSUSE 11.1
  • mozilla-xulrunner190 >= 1.9.0.9-0.1.1
  • mozilla-xulrunner190-32bit >= 1.9.0.9-0.1.1
  • mozilla-xulrunner190-devel >= 1.9.0.9-0.1.1
  • mozilla-xulrunner190-gnomevfs >= 1.9.0.9-0.1.1
  • mozilla-xulrunner190-gnomevfs-32bit >= 1.9.0.9-0.1.1
  • mozilla-xulrunner190-translations >= 1.9.0.9-0.1.1
  • mozilla-xulrunner190-translations-32bit >= 1.9.0.9-0.1.1
  • python-xpcom190 >= 1.9.0.9-0.1.1
 SAT Patch Nr: 832
Novell Linux POS 9
Open Enterprise Server
SUSE CORE 9 for AMD64 and Intel EM64T
SUSE CORE 9 for IBM POWER
SUSE CORE 9 for IBM S/390 31bit
SUSE CORE 9 for IBM zSeries 64bit
SUSE CORE 9 for Itanium Processor Family
SUSE CORE 9 for x86
  • mozilla >= 1.8_seamonkey_1.1.17-0.6
  • mozilla-devel >= 1.8_seamonkey_1.1.17-0.6
  • mozilla-dom-inspector >= 1.8_seamonkey_1.1.17-0.6
  • mozilla-irc >= 1.8_seamonkey_1.1.17-0.6
  • mozilla-mail >= 1.8_seamonkey_1.1.17-0.6
  • mozilla-venkman >= 1.8_seamonkey_1.1.17-0.6
 core9. ia64
core9. ppc
core9. s390
core9. s390x
sles9-nld. x86-64
sles9-oes. x86
core9. x86
sles9-nlpos. x86
core9. x86-64
sles9-nld. x86
YOU Patch Nr: 12519
Novell Linux Desktop 9 for x86
Novell Linux Desktop 9 for x86_64
  • epiphany >= 1.2.10-0.9
  • epiphany-doc >= 1.2.10-0.9
  • epiphany-extensions >= 0.8.2-2.10
  • epiphany-extensions-devel >= 0.8.2-2.10
  • mozilla >= 1.8_seamonkey_1.1.17-0.6
  • mozilla-devel >= 1.8_seamonkey_1.1.17-0.6
  • mozilla-dom-inspector >= 1.8_seamonkey_1.1.17-0.6
  • mozilla-irc >= 1.8_seamonkey_1.1.17-0.6
  • mozilla-mail >= 1.8_seamonkey_1.1.17-0.6
  • mozilla-venkman >= 1.8_seamonkey_1.1.17-0.6
 core9. ia64
core9. ppc
core9. s390
core9. s390x
sles9-nld. x86-64
sles9-oes. x86
core9. x86
sles9-nlpos. x86
core9. x86-64
sles9-nld. x86
YOU Patch Nr: 12519
openSUSE 10.3
openSUSE 11.0
  • seamonkey >= 1.1.18-0.1
  • seamonkey-dom-inspector >= 1.1.18-0.1
  • seamonkey-irc >= 1.1.18-0.1
  • seamonkey-mail >= 1.1.18-0.1
  • seamonkey-spellchecker >= 1.1.18-0.1
  • seamonkey-venkman >= 1.1.18-0.1
 ZYPP Patch Nr: 6538
SAT Patch Nr: 1364
openSUSE 11.0
  • seamonkey-debuginfo >= 1.1.18-0.1
  • seamonkey-debugsource >= 1.1.18-0.1
 ZYPP Patch Nr: 6538
SAT Patch Nr: 1364
openSUSE 11.1
  • seamonkey-debuginfo >= 1.1.18-0.1.1
  • seamonkey-debugsource >= 1.1.18-0.1.1
 ZYPP Patch Nr: 6538
SAT Patch Nr: 1364
openSUSE 11.1
  • seamonkey >= 1.1.18-0.1.1
  • seamonkey-dom-inspector >= 1.1.18-0.1.1
  • seamonkey-irc >= 1.1.18-0.1.1
  • seamonkey-mail >= 1.1.18-0.1.1
  • seamonkey-spellchecker >= 1.1.18-0.1.1
  • seamonkey-venkman >= 1.1.18-0.1.1
 ZYPP Patch Nr: 6538
SAT Patch Nr: 1364
SLES 11 DEBUGINFO
  • MozillaFirefox-debuginfo >= 3.0.9-0.1.1
  • MozillaFirefox-debugsource >= 3.0.9-0.1.1
 sle11-debuginfo. ppc
sle11-debuginfo. ia64
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. ia64
sle11-debuginfo. s390x
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. s390x
sle11-debuginfo. ppc
sle11-debuginfo. x86
sle11-debuginfo. x86-64
SAT Patch Nr: 835
SLED 11
SLES 11
  • MozillaFirefox >= 3.0.9-0.1.1
  • MozillaFirefox-translations >= 3.0.9-0.1.1
 sle11-debuginfo. ppc
sle11-debuginfo. ia64
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. ia64
sle11-debuginfo. s390x
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. s390x
sle11-debuginfo. ppc
sle11-debuginfo. x86
sle11-debuginfo. x86-64
SAT Patch Nr: 835
SLE 11 DESKTOP Unsupported Extras
  • MozillaThunderbird >= 2.0.0.22-0.1.1
  • MozillaThunderbird-translations >= 2.0.0.22-0.1.1
 SAT Patch Nr: 1090
openSUSE 10.3
openSUSE 11.0
  • MozillaThunderbird >= 2.0.0.22-0.1
  • MozillaThunderbird-devel >= 2.0.0.22-0.1
  • MozillaThunderbird-translations >= 2.0.0.22-0.1
 ZYPP Patch Nr: 6347
SAT Patch Nr: 1091
openSUSE 11.0
  • MozillaThunderbird-debuginfo >= 2.0.0.22-0.1
  • MozillaThunderbird-debugsource >= 2.0.0.22-0.1
 ZYPP Patch Nr: 6347
SAT Patch Nr: 1091
openSUSE 11.1
  • MozillaThunderbird-debuginfo >= 2.0.0.22-0.1.1
  • MozillaThunderbird-debugsource >= 2.0.0.22-0.1.1
 ZYPP Patch Nr: 6347
SAT Patch Nr: 1091
openSUSE 11.1
  • MozillaThunderbird >= 2.0.0.22-0.1.1
  • MozillaThunderbird-devel >= 2.0.0.22-0.1.1
  • MozillaThunderbird-translations >= 2.0.0.22-0.1.1
 ZYPP Patch Nr: 6347
SAT Patch Nr: 1091
openSUSE 11.0
  • MozillaFirefox-debuginfo >= 3.0.9-0.1
  • MozillaFirefox-debugsource >= 3.0.9-0.1
 SAT Patch Nr: 833
openSUSE 11.0
  • MozillaFirefox >= 3.0.9-0.1
  • MozillaFirefox-translations >= 3.0.9-0.1
 SAT Patch Nr: 833
openSUSE 11.1
  • MozillaFirefox-debuginfo >= 3.0.9-0.1.1
  • MozillaFirefox-debugsource >= 3.0.9-0.1.1
 SAT Patch Nr: 833
openSUSE 11.1
  • MozillaFirefox >= 3.0.9-0.1.1
  • MozillaFirefox-branding-upstream >= 3.0.9-0.1.1
  • MozillaFirefox-translations >= 3.0.9-0.1.1
 SAT Patch Nr: 833
SLES 11 DEBUGINFO
  • mozilla-xulrunner190-debuginfo >= 1.9.0.9-0.1.1
  • mozilla-xulrunner190-debugsource >= 1.9.0.9-0.1.1
 sle11-debuginfo. x86-64
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. x86
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. ia64
sle11-debuginfo. s390x
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. ppc
sle11-debuginfo. ia64
sle11-debuginfo. s390x
sle11-debuginfo. ppc
sle11-debuginfo. ia64
sle11-debuginfo. s390x
sle11-debuginfo. ppc
SAT Patch Nr: 834
SLES 11 DEBUGINFO
  • mozilla-xulrunner190-debuginfo >= 1.9.0.9-0.1.1
  • mozilla-xulrunner190-debuginfo-x86 >= 1.9.0.9-0.1.1
  • mozilla-xulrunner190-debugsource >= 1.9.0.9-0.1.1
 sle11-debuginfo. x86-64
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. x86
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. ia64
sle11-debuginfo. s390x
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. ppc
sle11-debuginfo. ia64
sle11-debuginfo. s390x
sle11-debuginfo. ppc
sle11-debuginfo. ia64
sle11-debuginfo. s390x
sle11-debuginfo. ppc
SAT Patch Nr: 834
SLES 11 DEBUGINFO
  • mozilla-xulrunner190-debuginfo >= 1.9.0.9-0.1.1
  • mozilla-xulrunner190-debuginfo-32bit >= 1.9.0.9-0.1.1
  • mozilla-xulrunner190-debugsource >= 1.9.0.9-0.1.1
 sle11-debuginfo. x86-64
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. x86
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. ia64
sle11-debuginfo. s390x
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. ppc
sle11-debuginfo. ia64
sle11-debuginfo. s390x
sle11-debuginfo. ppc
sle11-debuginfo. ia64
sle11-debuginfo. s390x
sle11-debuginfo. ppc
SAT Patch Nr: 834
SLE 11
  • mozilla-xulrunner190-devel >= 1.9.0.9-0.1.1
 sle11-debuginfo. x86-64
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. x86
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. ia64
sle11-debuginfo. s390x
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. ppc
sle11-debuginfo. ia64
sle11-debuginfo. s390x
sle11-debuginfo. ppc
sle11-debuginfo. ia64
sle11-debuginfo. s390x
sle11-debuginfo. ppc
SAT Patch Nr: 834
SLE 11
  • mozilla-xulrunner190-devel >= 1.9.0.9-0.1.1
  • mozilla-xulrunner190-gnomevfs-x86 >= 1.9.0.9-0.1.1
  • mozilla-xulrunner190-translations-x86 >= 1.9.0.9-0.1.1
 sle11-debuginfo. x86-64
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. x86
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. ia64
sle11-debuginfo. s390x
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. ppc
sle11-debuginfo. ia64
sle11-debuginfo. s390x
sle11-debuginfo. ppc
sle11-debuginfo. ia64
sle11-debuginfo. s390x
sle11-debuginfo. ppc
SAT Patch Nr: 834
SLE 11
  • mozilla-xulrunner190-devel >= 1.9.0.9-0.1.1
  • mozilla-xulrunner190-gnomevfs-32bit >= 1.9.0.9-0.1.1
  • mozilla-xulrunner190-translations-32bit >= 1.9.0.9-0.1.1
 sle11-debuginfo. x86-64
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. x86
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. ia64
sle11-debuginfo. s390x
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. ppc
sle11-debuginfo. ia64
sle11-debuginfo. s390x
sle11-debuginfo. ppc
sle11-debuginfo. ia64
sle11-debuginfo. s390x
sle11-debuginfo. ppc
SAT Patch Nr: 834
SLED 11
  • mozilla-xulrunner190 >= 1.9.0.9-0.1.1
  • mozilla-xulrunner190-32bit >= 1.9.0.9-0.1.1
  • mozilla-xulrunner190-gnomevfs >= 1.9.0.9-0.1.1
  • mozilla-xulrunner190-gnomevfs-32bit >= 1.9.0.9-0.1.1
  • mozilla-xulrunner190-translations >= 1.9.0.9-0.1.1
  • mozilla-xulrunner190-translations-32bit >= 1.9.0.9-0.1.1
 sle11-debuginfo. x86-64
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. x86
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. ia64
sle11-debuginfo. s390x
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. ppc
sle11-debuginfo. ia64
sle11-debuginfo. s390x
sle11-debuginfo. ppc
sle11-debuginfo. ia64
sle11-debuginfo. s390x
sle11-debuginfo. ppc
SAT Patch Nr: 834
SLED 11
SLES 11
  • mozilla-xulrunner190 >= 1.9.0.9-0.1.1
  • mozilla-xulrunner190-gnomevfs >= 1.9.0.9-0.1.1
  • mozilla-xulrunner190-translations >= 1.9.0.9-0.1.1
 sle11-debuginfo. x86-64
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. x86
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. ia64
sle11-debuginfo. s390x
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. ppc
sle11-debuginfo. ia64
sle11-debuginfo. s390x
sle11-debuginfo. ppc
sle11-debuginfo. ia64
sle11-debuginfo. s390x
sle11-debuginfo. ppc
SAT Patch Nr: 834
SLES 11
  • mozilla-xulrunner190 >= 1.9.0.9-0.1.1
  • mozilla-xulrunner190-gnomevfs >= 1.9.0.9-0.1.1
  • mozilla-xulrunner190-translations >= 1.9.0.9-0.1.1
  • mozilla-xulrunner190-x86 >= 1.9.0.9-0.1.1
 sle11-debuginfo. x86-64
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. x86
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. ia64
sle11-debuginfo. s390x
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. ppc
sle11-debuginfo. ia64
sle11-debuginfo. s390x
sle11-debuginfo. ppc
sle11-debuginfo. ia64
sle11-debuginfo. s390x
sle11-debuginfo. ppc
SAT Patch Nr: 834
SLES 11
  • mozilla-xulrunner190 >= 1.9.0.9-0.1.1
  • mozilla-xulrunner190-32bit >= 1.9.0.9-0.1.1
  • mozilla-xulrunner190-gnomevfs >= 1.9.0.9-0.1.1
  • mozilla-xulrunner190-translations >= 1.9.0.9-0.1.1
 sle11-debuginfo. x86-64
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. x86
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. ia64
sle11-debuginfo. s390x
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. ppc
sle11-debuginfo. ia64
sle11-debuginfo. s390x
sle11-debuginfo. ppc
sle11-debuginfo. ia64
sle11-debuginfo. s390x
sle11-debuginfo. ppc
SAT Patch Nr: 834

Novell® Making IT Work As One

© 2009 Novell, Inc. All Rights Reserved.