Upstream information
Description
The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.NVD CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Novell/SUSE information
Novell Bugzilla entry: 495473, 515951 SUSE Security Advisories:- SUSE-SR:2009:010, published Tue, 12 May 2009 08:00:00 +0000
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| Novell Linux POS 9 Open Enterprise Server SUSE CORE 9 for AMD64 and Intel EM64T SUSE CORE 9 for IBM POWER SUSE CORE 9 for IBM S/390 31bit SUSE CORE 9 for IBM zSeries 64bit SUSE CORE 9 for Itanium Processor Family SUSE CORE 9 for x86 |
| core9.ia64 core9.ppc core9.s390 core9.s390x sles9-nld.x86-64 sles9-oes.x86 core9.x86 sles9-nlpos.x86 core9.x86-64 sles9-nld.x86 YOU Patch Nr: 12519 |
| Novell Linux Desktop 9 for x86 Novell Linux Desktop 9 for x86_64 |
| core9.ia64 core9.ppc core9.s390 core9.s390x sles9-nld.x86-64 sles9-oes.x86 core9.x86 sles9-nlpos.x86 core9.x86-64 sles9-nld.x86 YOU Patch Nr: 12519 |
| openSUSE 10.3 |
| |
| SLE 11 DESKTOP Unsupported Extras |
| SAT Patch Nr: 1090 |
| openSUSE 10.3 |
|