PT-2009-3839 · Mozilla+1 · Firefox+3
Gregory Fleischer · Published 2009-04-21 · Updated 2024-12-12 · CVE-2009-1307
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Mozilla Firefox versions prior to 3.0.9
Thunderbird (affected versions not specified)
SeaMonkey (affected versions not specified)
Description
The issue concerns the view-source: URI implementation, which fails to properly enforce the Same Origin Policy. This allows remote attackers to bypass certain restrictions, including crossdomain.xml restrictions, and connect to arbitrary web sites via a Flash file. Attackers can also read, create, or modify Local Shared Objects via a Flash file, or bypass unspecified restrictions to render content using vectors involving a jar: URI.
Recommendations
For Mozilla Firefox versions prior to 3.0.9, update to version 3.0.9 or later to resolve the issue.
For Thunderbird, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For SeaMonkey, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Affected Products
Firefox
Red Hat
Seamonkey
Thunderbird