PT-2009-5347 · Flock+1 · Flock+2

Lostmon

Publicado

2009-08-28

Atualizado

2017-08-17

CVE-2009-3007

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox version 3.5.1 SeaMonkey version 1.1.17 Flock version 2.5.1

Description: The issue allows context-dependent attackers to spoof the address bar. This can be achieved via window.open with a relative URI, to show an arbitrary file: URL after a victim has visited any file: URL. For example, this could be demonstrated by a visit to a file: document written by the attacker.

Recommendations: For Mozilla Firefox version 3.5.1, update to a version that fixes this issue. For SeaMonkey version 1.1.17, update to a version that fixes this issue. For Flock version 2.5.1, update to a version that fixes this issue.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2009-3007

DSA-1922-1

Produtos afetados

Flock

Firefox

Seamonkey

PT-2009-5347 · Flock+1 · Flock+2

CVE-2009-3007

Identificadores relacionados

Produtos afetados

Referências · 3