Novell Home

CVE-2009-1835

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

CVE-2009-1835 at MITRE

Details

Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate local documents with external domain names located after the file:// substring in a URL, which allows user-assisted remote attackers to read arbitrary cookies via a crafted HTML document, as demonstrated by a URL with file://example.com/C:/ at the beginning.
Novell Bugzilla entry: 505563,515951

SUSE Security Advisories:

Product(s) Fixed package version(s) References
openSUSE 11.0
  • MozillaFirefox-debuginfo >= 3.0.11-0.1
  • MozillaFirefox-debugsource >= 3.0.11-0.1
  • mozilla-xulrunner190-debuginfo >= 1.9.0.11-1.1
  • mozilla-xulrunner190-debugsource >= 1.9.0.11-1.1
 SAT Patch Nr: 1000
openSUSE 11.0
  • MozillaFirefox >= 3.0.11-0.1
  • MozillaFirefox-translations >= 3.0.11-0.1
  • mozilla-xulrunner190 >= 1.9.0.11-1.1
  • mozilla-xulrunner190-32bit >= 1.9.0.11-1.1
  • mozilla-xulrunner190-64bit >= 1.9.0.11-1.1
  • mozilla-xulrunner190-devel >= 1.9.0.11-1.1
  • mozilla-xulrunner190-gnomevfs >= 1.9.0.11-1.1
  • mozilla-xulrunner190-gnomevfs-32bit >= 1.9.0.11-1.1
  • mozilla-xulrunner190-gnomevfs-64bit >= 1.9.0.11-1.1
  • mozilla-xulrunner190-translations >= 1.9.0.11-1.1
  • mozilla-xulrunner190-translations-32bit >= 1.9.0.11-1.1
  • mozilla-xulrunner190-translations-64bit >= 1.9.0.11-1.1
 SAT Patch Nr: 1000
openSUSE 11.1
  • MozillaFirefox-debuginfo >= 3.0.11-0.1.1
  • MozillaFirefox-debugsource >= 3.0.11-0.1.1
  • mozilla-xulrunner190-debuginfo >= 1.9.0.11-1.1.1
  • mozilla-xulrunner190-debuginfo-32bit >= 1.9.0.11-1.1.1
  • mozilla-xulrunner190-debugsource >= 1.9.0.11-1.1.1
 SAT Patch Nr: 1000
openSUSE 11.1
  • MozillaFirefox >= 3.0.11-0.1.1
  • MozillaFirefox-branding-upstream >= 3.0.11-0.1.1
  • MozillaFirefox-translations >= 3.0.11-0.1.1
  • mozilla-xulrunner190 >= 1.9.0.11-1.1.1
  • mozilla-xulrunner190-32bit >= 1.9.0.11-1.1.1
  • mozilla-xulrunner190-devel >= 1.9.0.11-1.1.1
  • mozilla-xulrunner190-gnomevfs >= 1.9.0.11-1.1.1
  • mozilla-xulrunner190-gnomevfs-32bit >= 1.9.0.11-1.1.1
  • mozilla-xulrunner190-translations >= 1.9.0.11-1.1.1
  • mozilla-xulrunner190-translations-32bit >= 1.9.0.11-1.1.1
  • python-xpcom190 >= 1.9.0.11-1.1.1
 SAT Patch Nr: 1000
Novell Linux POS 9
Open Enterprise Server
SUSE CORE 9 for AMD64 and Intel EM64T
SUSE CORE 9 for IBM POWER
SUSE CORE 9 for IBM S/390 31bit
SUSE CORE 9 for IBM zSeries 64bit
SUSE CORE 9 for Itanium Processor Family
SUSE CORE 9 for x86
  • mozilla >= 1.8_seamonkey_1.1.17-0.6
  • mozilla-devel >= 1.8_seamonkey_1.1.17-0.6
  • mozilla-dom-inspector >= 1.8_seamonkey_1.1.17-0.6
  • mozilla-irc >= 1.8_seamonkey_1.1.17-0.6
  • mozilla-mail >= 1.8_seamonkey_1.1.17-0.6
  • mozilla-venkman >= 1.8_seamonkey_1.1.17-0.6
 core9. ia64
core9. ppc
core9. s390
core9. s390x
sles9-nld. x86-64
sles9-oes. x86
core9. x86
sles9-nlpos. x86
core9. x86-64
sles9-nld. x86
YOU Patch Nr: 12519
Novell Linux Desktop 9 for x86
Novell Linux Desktop 9 for x86_64
  • epiphany >= 1.2.10-0.9
  • epiphany-doc >= 1.2.10-0.9
  • epiphany-extensions >= 0.8.2-2.10
  • epiphany-extensions-devel >= 0.8.2-2.10
  • mozilla >= 1.8_seamonkey_1.1.17-0.6
  • mozilla-devel >= 1.8_seamonkey_1.1.17-0.6
  • mozilla-dom-inspector >= 1.8_seamonkey_1.1.17-0.6
  • mozilla-irc >= 1.8_seamonkey_1.1.17-0.6
  • mozilla-mail >= 1.8_seamonkey_1.1.17-0.6
  • mozilla-venkman >= 1.8_seamonkey_1.1.17-0.6
 core9. ia64
core9. ppc
core9. s390
core9. s390x
sles9-nld. x86-64
sles9-oes. x86
core9. x86
sles9-nlpos. x86
core9. x86-64
sles9-nld. x86
YOU Patch Nr: 12519
openSUSE 10.3
openSUSE 11.0
  • seamonkey >= 1.1.18-0.1
  • seamonkey-dom-inspector >= 1.1.18-0.1
  • seamonkey-irc >= 1.1.18-0.1
  • seamonkey-mail >= 1.1.18-0.1
  • seamonkey-spellchecker >= 1.1.18-0.1
  • seamonkey-venkman >= 1.1.18-0.1
 ZYPP Patch Nr: 6538
SAT Patch Nr: 1364
openSUSE 11.0
  • seamonkey-debuginfo >= 1.1.18-0.1
  • seamonkey-debugsource >= 1.1.18-0.1
 ZYPP Patch Nr: 6538
SAT Patch Nr: 1364
openSUSE 11.1
  • seamonkey-debuginfo >= 1.1.18-0.1.1
  • seamonkey-debugsource >= 1.1.18-0.1.1
 ZYPP Patch Nr: 6538
SAT Patch Nr: 1364
openSUSE 11.1
  • seamonkey >= 1.1.18-0.1.1
  • seamonkey-dom-inspector >= 1.1.18-0.1.1
  • seamonkey-irc >= 1.1.18-0.1.1
  • seamonkey-mail >= 1.1.18-0.1.1
  • seamonkey-spellchecker >= 1.1.18-0.1.1
  • seamonkey-venkman >= 1.1.18-0.1.1
 ZYPP Patch Nr: 6538
SAT Patch Nr: 1364
SLES 11 DEBUGINFO
  • MozillaFirefox-debuginfo >= 3.0.11-0.1.1
  • MozillaFirefox-debugsource >= 3.0.11-0.1.1
  • mozilla-xulrunner190-debuginfo >= 1.9.0.11-1.1.1
  • mozilla-xulrunner190-debugsource >= 1.9.0.11-1.1.1
 sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. s390x
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. ppc
sle11-debuginfo. x86
sle11-debuginfo. x86-64
sle11-debuginfo. ia64
sle11-debuginfo. ia64
sle11-debuginfo. ppc
sle11-debuginfo. s390x
sle11-debuginfo. ppc
sle11-debuginfo. s390x
sle11-debuginfo. ia64
sle11-debuginfo. x86-64
sle11-debuginfo. x86
SAT Patch Nr: 1001
SLES 11 DEBUGINFO
  • MozillaFirefox-debuginfo >= 3.0.11-0.1.1
  • MozillaFirefox-debugsource >= 3.0.11-0.1.1
  • mozilla-xulrunner190-debuginfo >= 1.9.0.11-1.1.1
  • mozilla-xulrunner190-debuginfo-x86 >= 1.9.0.11-1.1.1
  • mozilla-xulrunner190-debugsource >= 1.9.0.11-1.1.1
 sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. s390x
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. ppc
sle11-debuginfo. x86
sle11-debuginfo. x86-64
sle11-debuginfo. ia64
sle11-debuginfo. ia64
sle11-debuginfo. ppc
sle11-debuginfo. s390x
sle11-debuginfo. ppc
sle11-debuginfo. s390x
sle11-debuginfo. ia64
sle11-debuginfo. x86-64
sle11-debuginfo. x86
SAT Patch Nr: 1001
SLES 11 DEBUGINFO
  • MozillaFirefox-debuginfo >= 3.0.11-0.1.1
  • MozillaFirefox-debugsource >= 3.0.11-0.1.1
  • mozilla-xulrunner190-debuginfo >= 1.9.0.11-1.1.1
  • mozilla-xulrunner190-debuginfo-32bit >= 1.9.0.11-1.1.1
  • mozilla-xulrunner190-debugsource >= 1.9.0.11-1.1.1
 sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. s390x
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. ppc
sle11-debuginfo. x86
sle11-debuginfo. x86-64
sle11-debuginfo. ia64
sle11-debuginfo. ia64
sle11-debuginfo. ppc
sle11-debuginfo. s390x
sle11-debuginfo. ppc
sle11-debuginfo. s390x
sle11-debuginfo. ia64
sle11-debuginfo. x86-64
sle11-debuginfo. x86
SAT Patch Nr: 1001
SLE 11
  • mozilla-xulrunner190-devel >= 1.9.0.11-1.1.1
 sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. s390x
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. ppc
sle11-debuginfo. x86
sle11-debuginfo. x86-64
sle11-debuginfo. ia64
sle11-debuginfo. ia64
sle11-debuginfo. ppc
sle11-debuginfo. s390x
sle11-debuginfo. ppc
sle11-debuginfo. s390x
sle11-debuginfo. ia64
sle11-debuginfo. x86-64
sle11-debuginfo. x86
SAT Patch Nr: 1001
SLE 11
  • mozilla-xulrunner190-devel >= 1.9.0.11-1.1.1
  • mozilla-xulrunner190-gnomevfs-x86 >= 1.9.0.11-1.1.1
  • mozilla-xulrunner190-translations-x86 >= 1.9.0.11-1.1.1
 sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. s390x
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. ppc
sle11-debuginfo. x86
sle11-debuginfo. x86-64
sle11-debuginfo. ia64
sle11-debuginfo. ia64
sle11-debuginfo. ppc
sle11-debuginfo. s390x
sle11-debuginfo. ppc
sle11-debuginfo. s390x
sle11-debuginfo. ia64
sle11-debuginfo. x86-64
sle11-debuginfo. x86
SAT Patch Nr: 1001
SLE 11
  • mozilla-xulrunner190-devel >= 1.9.0.11-1.1.1
  • mozilla-xulrunner190-gnomevfs-32bit >= 1.9.0.11-1.1.1
  • mozilla-xulrunner190-translations-32bit >= 1.9.0.11-1.1.1
 sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. s390x
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. ppc
sle11-debuginfo. x86
sle11-debuginfo. x86-64
sle11-debuginfo. ia64
sle11-debuginfo. ia64
sle11-debuginfo. ppc
sle11-debuginfo. s390x
sle11-debuginfo. ppc
sle11-debuginfo. s390x
sle11-debuginfo. ia64
sle11-debuginfo. x86-64
sle11-debuginfo. x86
SAT Patch Nr: 1001
SLED 11
  • MozillaFirefox >= 3.0.11-0.1.1
  • MozillaFirefox-translations >= 3.0.11-0.1.1
  • mozilla-xulrunner190 >= 1.9.0.11-1.1.1
  • mozilla-xulrunner190-32bit >= 1.9.0.11-1.1.1
  • mozilla-xulrunner190-gnomevfs >= 1.9.0.11-1.1.1
  • mozilla-xulrunner190-gnomevfs-32bit >= 1.9.0.11-1.1.1
  • mozilla-xulrunner190-translations >= 1.9.0.11-1.1.1
  • mozilla-xulrunner190-translations-32bit >= 1.9.0.11-1.1.1
 sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. s390x
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. ppc
sle11-debuginfo. x86
sle11-debuginfo. x86-64
sle11-debuginfo. ia64
sle11-debuginfo. ia64
sle11-debuginfo. ppc
sle11-debuginfo. s390x
sle11-debuginfo. ppc
sle11-debuginfo. s390x
sle11-debuginfo. ia64
sle11-debuginfo. x86-64
sle11-debuginfo. x86
SAT Patch Nr: 1001
SLED 11
SLES 11
  • MozillaFirefox >= 3.0.11-0.1.1
  • MozillaFirefox-translations >= 3.0.11-0.1.1
  • mozilla-xulrunner190 >= 1.9.0.11-1.1.1
  • mozilla-xulrunner190-gnomevfs >= 1.9.0.11-1.1.1
  • mozilla-xulrunner190-translations >= 1.9.0.11-1.1.1
 sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. s390x
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. ppc
sle11-debuginfo. x86
sle11-debuginfo. x86-64
sle11-debuginfo. ia64
sle11-debuginfo. ia64
sle11-debuginfo. ppc
sle11-debuginfo. s390x
sle11-debuginfo. ppc
sle11-debuginfo. s390x
sle11-debuginfo. ia64
sle11-debuginfo. x86-64
sle11-debuginfo. x86
SAT Patch Nr: 1001
SLES 11
  • MozillaFirefox >= 3.0.11-0.1.1
  • MozillaFirefox-translations >= 3.0.11-0.1.1
  • mozilla-xulrunner190 >= 1.9.0.11-1.1.1
  • mozilla-xulrunner190-gnomevfs >= 1.9.0.11-1.1.1
  • mozilla-xulrunner190-translations >= 1.9.0.11-1.1.1
  • mozilla-xulrunner190-x86 >= 1.9.0.11-1.1.1
 sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. s390x
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. ppc
sle11-debuginfo. x86
sle11-debuginfo. x86-64
sle11-debuginfo. ia64
sle11-debuginfo. ia64
sle11-debuginfo. ppc
sle11-debuginfo. s390x
sle11-debuginfo. ppc
sle11-debuginfo. s390x
sle11-debuginfo. ia64
sle11-debuginfo. x86-64
sle11-debuginfo. x86
SAT Patch Nr: 1001
SLES 11
  • MozillaFirefox >= 3.0.11-0.1.1
  • MozillaFirefox-translations >= 3.0.11-0.1.1
  • mozilla-xulrunner190 >= 1.9.0.11-1.1.1
  • mozilla-xulrunner190-32bit >= 1.9.0.11-1.1.1
  • mozilla-xulrunner190-gnomevfs >= 1.9.0.11-1.1.1
  • mozilla-xulrunner190-translations >= 1.9.0.11-1.1.1
 sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. s390x
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. ppc
sle11-debuginfo. x86
sle11-debuginfo. x86-64
sle11-debuginfo. ia64
sle11-debuginfo. ia64
sle11-debuginfo. ppc
sle11-debuginfo. s390x
sle11-debuginfo. ppc
sle11-debuginfo. s390x
sle11-debuginfo. ia64
sle11-debuginfo. x86-64
sle11-debuginfo. x86
SAT Patch Nr: 1001

Novell® Making IT Work As One

© 2009 Novell, Inc. All Rights Reserved.