PT-2009-3019 · Mozilla · Firefox

Guninski · Published 2009-02-04 · Updated 2024-12-12 · CVE-2009-0356

CVSS v2.0: 5.1 (Medium)
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Mozilla Firefox versions prior to 3.0.6
SeaMonkey (affected versions not specified)

Description

The issue allows user-assisted remote attackers to bypass the Same Origin Policy and execute arbitrary code with chrome privileges. This is achieved through vectors involving the URL field in a Desktop Entry section of a .desktop file, specifically by linking to the about:plugins and about:config URIs. The problem arises from the representation of about: URIs as jar:file:// URIs.

Recommendations

For Mozilla Firefox versions prior to 3.0.6, update to version 3.0.6 or later to resolve the issue. For SeaMonkey, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Link Following

Weakness Enumeration

Related Identifiers

CVE-2009-0356
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:14572-1
RHSA-2009:0256
RHSA-2009_0256

Affected Products

Firefox
Red Hat
Seamonkey