← back
CVE-2009-1840

CVE-2009-1840

EPSS 2.2%
Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check content policy before loading a script file into a XUL document, which allows remote attackers to bypass intended access restrictions via a crafted HTML document, as demonstrated by a "web bug" in an e-mail message, or web script or an advertisement in a web page.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://osvdb.org/55158https://bugzilla.mozilla.org/show_bug.cgi?id=477979https://bugzilla.redhat.com/show_bug.cgi?id=503582http://secunia.com/advisories/35331http://secunia.com/advisories/35415http://secunia.com/advisories/35431http://secunia.com/advisories/35439http://secunia.com/advisories/35440http://secunia.com/advisories/35468https://exchange.xforce.ibmcloud.com/vulnerabilities/51076http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9448