CVE-2009-0776

CVSS V2 High 7.1 CVSS V3 None

Description

nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.

Overview

CVE ID
CVE-2009-0776

Assigner
secalert@redhat.com

Vulnerability Status
Modified

Published Version
2009-03-05T02:30:00

Last Modified Date
2018-10-03T21:58:53

Weakness Enumerations

CWE	URL
CWE-200	http://cwe.mitre.org/data/definitions/200.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version End
cpe:2.3:a:mozilla:firefox::::::::	1	OR	3.0.6
cpe:2.3:a:mozilla:firefox:1.0:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.0.1:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.0.2:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.0.3:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.0.4:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.0.5:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.0.6:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.0.7:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.0.8:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.5:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.5.0.1:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.5.0.2:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.5.0.3:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.5.0.4:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.5.0.5:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.5.0.6:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.5.0.7:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.5.0.8:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.5.0.9:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.5.0.10:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.5.0.11:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.5.0.12:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:2.0:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:2.0.0.1:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:2.0.0.2:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:2.0.0.3:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:2.0.0.4:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:2.0.0.5:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:2.0.0.6:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:2.0.0.7:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:2.0.0.8:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:2.0.0.9:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:2.0.0.10:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:2.0.0.11:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:2.0.0.12:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:2.0.0.13:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:2.0.0.14:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:2.0.0.15:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:2.0.0.16:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:2.0.0.17:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:2.0.0.18:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:2.0.0.19:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:2.0.0.20:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:3.0:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:3.0.1:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:3.0.2:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:3.0.3:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:3.0.4:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:3.0.5:::::::*	1	OR
cpe:2.3:a:mozilla:seamonkey::::::::	1	OR	1.1.14
cpe:2.3:a:mozilla:seamonkey:1.0:::::::*	1	OR
cpe:2.3:a:mozilla:seamonkey:1.0.1:::::::*	1	OR
cpe:2.3:a:mozilla:seamonkey:1.0.2:::::::*	1	OR
cpe:2.3:a:mozilla:seamonkey:1.0.3:::::::*	1	OR
cpe:2.3:a:mozilla:seamonkey:1.0.5:::::::*	1	OR
cpe:2.3:a:mozilla:seamonkey:1.0.6:::::::*	1	OR
cpe:2.3:a:mozilla:seamonkey:1.0.7:::::::*	1	OR
cpe:2.3:a:mozilla:seamonkey:1.0.8:::::::*	1	OR
cpe:2.3:a:mozilla:seamonkey:1.0.9:::::::*	1	OR
cpe:2.3:a:mozilla:seamonkey:1.1:::::::*	1	OR
cpe:2.3:a:mozilla:seamonkey:1.1:alpha::::::	1	OR
cpe:2.3:a:mozilla:seamonkey:1.1:beta::::::	1	OR
cpe:2.3:a:mozilla:seamonkey:1.1.1:::::::*	1	OR
cpe:2.3:a:mozilla:seamonkey:1.1.2:::::::*	1	OR
cpe:2.3:a:mozilla:seamonkey:1.1.3:::::::*	1	OR
cpe:2.3:a:mozilla:seamonkey:1.1.4:::::::*	1	OR
cpe:2.3:a:mozilla:seamonkey:1.1.5:::::::*	1	OR
cpe:2.3:a:mozilla:seamonkey:1.1.6:::::::*	1	OR
cpe:2.3:a:mozilla:seamonkey:1.1.7:::::::*	1	OR
cpe:2.3:a:mozilla:seamonkey:1.1.8:::::::*	1	OR
cpe:2.3:a:mozilla:seamonkey:1.1.9:::::::*	1	OR
cpe:2.3:a:mozilla:seamonkey:1.1.10:::::::*	1	OR
cpe:2.3:a:mozilla:seamonkey:1.1.11:::::::*	1	OR
cpe:2.3:a:mozilla:seamonkey:1.1.12:::::::*	1	OR
cpe:2.3:a:mozilla:seamonkey:1.1.13:::::::*	1	OR
cpe:2.3:a:mozilla:thunderbird::::::::	1	OR	2.0.0.20
cpe:2.3:a:mozilla:thunderbird:2.0.0.0:::::::*	1	OR
cpe:2.3:a:mozilla:thunderbird:2.0.0.4:::::::*	1	OR
cpe:2.3:a:mozilla:thunderbird:2.0.0.5:::::::*	1	OR
cpe:2.3:a:mozilla:thunderbird:2.0.0.6:::::::*	1	OR
cpe:2.3:a:mozilla:thunderbird:2.0.0.9:::::::*	1	OR
cpe:2.3:a:mozilla:thunderbird:2.0.0.12:::::::*	1	OR
cpe:2.3:a:mozilla:thunderbird:2.0.0.14:::::::*	1	OR
cpe:2.3:a:mozilla:thunderbird:2.0.0.16:::::::*	1	OR
cpe:2.3:a:mozilla:thunderbird:2.0.0.17:::::::*	1	OR
cpe:2.3:a:mozilla:thunderbird:2.0.0.18:::::::*	1	OR
cpe:2.3:a:mozilla:thunderbird:2.0.0.19:::::::*	1	OR

CVSS Version 2

Version
2.0

Vector String
AV:N/AC:M/Au:N/C:C/I:N/A:N

Access Vector
NETWORK

Access Compatibility
MEDIUM

Authentication
NONE

Confidentiality Impact
COMPLETE

Integrity Impact
NONE

Availability Impact
NONE

Base Score
7.1

Severity
HIGH

Exploitability Score
8.6

Impact Score
6.9

References

Reference URL	Reference Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=414540
http://www.mozilla.org/security/announce/2009/mfsa2009-09.html	Vendor Advisory
http://secunia.com/advisories/34145
http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document
http://www.securityfocus.com/bid/33990
http://secunia.com/advisories/34272
http://www.mandriva.com/security/advisories?name=MDVSA-2009:075
http://www.vupen.com/english/advisories/2009/0632
http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html
http://www.debian.org/security/2009/dsa-1751
http://secunia.com/advisories/34383
http://secunia.com/advisories/34387
http://www.redhat.com/support/errata/RHSA-2009-0258.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405420
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.433952
http://secunia.com/advisories/34417
http://secunia.com/advisories/34462
http://secunia.com/advisories/34324
http://secunia.com/advisories/34464
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:083
http://secunia.com/advisories/34527
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html
http://www.debian.org/security/2009/dsa-1830
http://secunia.com/advisories/34140
http://www.securitytracker.com/id?1021797
http://www.redhat.com/support/errata/RHSA-2009-0325.html
http://www.redhat.com/support/errata/RHSA-2009-0315.html
http://secunia.com/advisories/34137
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9241
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7390
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6191
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6017
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5956
https://usn.ubuntu.com/741-1/

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2009-0776
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0776

History

Created	Old Value	New Value	Data Type	Notes
2022-05-10 18:36:21				Added to TrackCVE