PT-2009-5347 · Flock+1 · Flock+2

Lostmon

Published

2009-08-28

Updated

2017-08-17

CVE-2009-3007

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox version 3.5.1 SeaMonkey version 1.1.17 Flock version 2.5.1

Description: The issue allows context-dependent attackers to spoof the address bar. This can be achieved via window.open with a relative URI, to show an arbitrary file: URL after a victim has visited any file: URL. For example, this could be demonstrated by a visit to a file: document written by the attacker.

Recommendations: For Mozilla Firefox version 3.5.1, update to a version that fixes this issue. For SeaMonkey version 1.1.17, update to a version that fixes this issue. For Flock version 2.5.1, update to a version that fixes this issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2009-3007

DSA-1922-1

Affected Products

Flock

Firefox

Seamonkey

PT-2009-5347 · Flock+1 · Flock+2

CVE-2009-3007

Related Identifiers

Affected Products

References · 3