PT-2009-4304 · Mozilla+1 · Firefox+1

Adam Barth

Published

2009-06-11

Updated

2017-09-29

CVE-2009-1839

CVSS v2.0

5.4

Medium

Vector

AV:N/AC:H/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions prior to 3.0.11

Description: The issue allows user-assisted remote attackers to bypass intended access restrictions and read files via a crafted HTML document. This is achieved through a "file-URL-to-file-URL scripting" attack, where an incorrect principal is associated with a file: URL loaded through the location bar.

Recommendations: For versions prior to 3.0.11, update to version 3.0.11 or later to resolve the issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2009-1839

DSA-1820-1

RHSA-2009:1095

RHSA-2009_1095

Affected Products

Firefox

Red Hat

PT-2009-4304 · Mozilla+1 · Firefox+1

CVE-2009-1839

Weakness Enumeration

Related Identifiers

Affected Products

References · 55