CVE-2009-1840

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions prior to 3.0.11 Thunderbird (affected versions not specified) SeaMonkey (affected versions not specified)

Description: The issue allows remote attackers to bypass intended access restrictions by loading a script file into a XUL document without checking content policy. This can be achieved via a crafted HTML document, such as a "web bug" in an e-mail message, or web script, or an advertisement in a web page.

Recommendations: For Mozilla Firefox versions prior to 3.0.11, update to version 3.0.11 or later to resolve the issue. For Thunderbird, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For SeaMonkey, at the moment, there is no information about a newer version that contains a fix for this vulnerability.