CVE-2009-0356 : Detail

CVE-2009-0356

A01-Broken Access Control
42.91%V3
Network
2009-02-04
18h00 +00:00
2017-09-28
10h57 +00:00
CVE.org
NVD
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

Mozilla Firefox before 3.0.6 and SeaMonkey do not block links to the (1) about:plugins and (2) about:config URIs from .desktop files, which allows user-assisted remote attackers to bypass the Same Origin Policy and execute arbitrary code with chrome privileges via vectors involving the URL field in a Desktop Entry section of a .desktop file, related to representation of about: URIs as jar:file:// URIs. NOTE: this issue exists because of an incomplete fix for CVE-2008-4582.

CVE Informations

Related Weaknesses

CWE-ID Weakness Name Source
CWE-59 Improper Link Resolution Before File Access ('Link Following')
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Metrics

Metrics Score Severity CVSS Vector Source
V2 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P [email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
EPSS First.org

Products Mentioned

Configuraton 0

Mozilla>>Firefox >> Version To (including) 3.0.5

Mozilla>>Firefox >> Version 0.1

Mozilla>>Firefox >> Version 0.2

Mozilla>>Firefox >> Version 0.3

Mozilla>>Firefox >> Version 0.4

Mozilla>>Firefox >> Version 0.5

Mozilla>>Firefox >> Version 0.6

Mozilla>>Firefox >> Version 0.6.1

Mozilla>>Firefox >> Version 0.7

Mozilla>>Firefox >> Version 0.7.1

Mozilla>>Firefox >> Version 0.8

Mozilla>>Firefox >> Version 0.9

Mozilla>>Firefox >> Version 0.9

Mozilla>>Firefox >> Version 0.9.1

Mozilla>>Firefox >> Version 0.9.2

Mozilla>>Firefox >> Version 0.9.3

Mozilla>>Firefox >> Version 0.9_rc

    Mozilla>>Firefox >> Version 0.10

    Mozilla>>Firefox >> Version 0.10.1

    Mozilla>>Firefox >> Version 1.0

    Mozilla>>Firefox >> Version 1.0

    Mozilla>>Firefox >> Version 1.0.1

    Mozilla>>Firefox >> Version 1.0.2

    Mozilla>>Firefox >> Version 1.0.3

    Mozilla>>Firefox >> Version 1.0.4

    Mozilla>>Firefox >> Version 1.0.5

    Mozilla>>Firefox >> Version 1.0.6

    Mozilla>>Firefox >> Version 1.0.7

    Mozilla>>Firefox >> Version 1.0.8

    Mozilla>>Firefox >> Version 1.5

    Mozilla>>Firefox >> Version 1.5

    Mozilla>>Firefox >> Version 1.5

    Mozilla>>Firefox >> Version 1.5.0.1

    Mozilla>>Firefox >> Version 1.5.0.2

    Mozilla>>Firefox >> Version 1.5.0.3

    Mozilla>>Firefox >> Version 1.5.0.4

    Mozilla>>Firefox >> Version 1.5.0.5

    Mozilla>>Firefox >> Version 1.5.0.6

    Mozilla>>Firefox >> Version 1.5.0.7

    Mozilla>>Firefox >> Version 1.5.0.8

    Mozilla>>Firefox >> Version 1.5.0.9

    Mozilla>>Firefox >> Version 1.5.0.10

    Mozilla>>Firefox >> Version 1.5.0.11

    Mozilla>>Firefox >> Version 1.5.0.12

    Mozilla>>Firefox >> Version 1.5.1

    Mozilla>>Firefox >> Version 1.5.2

    Mozilla>>Firefox >> Version 1.5.3

    Mozilla>>Firefox >> Version 1.5.4

    Mozilla>>Firefox >> Version 1.5.5

    Mozilla>>Firefox >> Version 1.5.6

    Mozilla>>Firefox >> Version 1.5.7

    Mozilla>>Firefox >> Version 1.5.8

    Mozilla>>Firefox >> Version 1.8

    Mozilla>>Firefox >> Version 2.0

    Mozilla>>Firefox >> Version 2.0

      Mozilla>>Firefox >> Version 2.0

        Mozilla>>Firefox >> Version 2.0

          Mozilla>>Firefox >> Version 2.0

            Mozilla>>Firefox >> Version 2.0.0.1

            Mozilla>>Firefox >> Version 2.0.0.2

            Mozilla>>Firefox >> Version 2.0.0.3

            Mozilla>>Firefox >> Version 2.0.0.4

            Mozilla>>Firefox >> Version 2.0.0.5

            Mozilla>>Firefox >> Version 2.0.0.6

            Mozilla>>Firefox >> Version 2.0.0.7

            Mozilla>>Firefox >> Version 2.0.0.8

            Mozilla>>Firefox >> Version 2.0.0.9

            Mozilla>>Firefox >> Version 2.0.0.10

            Mozilla>>Firefox >> Version 2.0.0.11

            Mozilla>>Firefox >> Version 2.0.0.12

            Mozilla>>Firefox >> Version 2.0.0.13

            Mozilla>>Firefox >> Version 2.0.0.14

            Mozilla>>Firefox >> Version 2.0.0.15

            Mozilla>>Firefox >> Version 2.0.0.16

            Mozilla>>Firefox >> Version 2.0.0.17

            Mozilla>>Firefox >> Version 2.0.0.18

            Mozilla>>Firefox >> Version 2.0_.1

              Mozilla>>Firefox >> Version 2.0_.4

                Mozilla>>Firefox >> Version 2.0_.5

                  Mozilla>>Firefox >> Version 2.0_.6

                    Mozilla>>Firefox >> Version 2.0_.7

                      Mozilla>>Firefox >> Version 2.0_.9

                        Mozilla>>Firefox >> Version 2.0_.10

                          Mozilla>>Firefox >> Version 2.0_8

                            Mozilla>>Firefox >> Version 3.0

                            Mozilla>>Firefox >> Version 3.0

                              Mozilla>>Firefox >> Version 3.0

                              Mozilla>>Firefox >> Version 3.0

                                Mozilla>>Firefox >> Version 3.0.1

                                Mozilla>>Firefox >> Version 3.0.2

                                Mozilla>>Firefox >> Version 3.0.3

                                Mozilla>>Firefox >> Version 3.0.4

                                Mozilla>>Seamonkey >> Version *

                                References

                                http://www.vupen.com/english/advisories/2009/0313
                                Tags : vdb-entry, x_refsource_VUPEN
                                http://secunia.com/advisories/33809
                                Tags : third-party-advisory, x_refsource_SECUNIA
                                http://www.mandriva.com/security/advisories?name=MDVSA-2009:044
                                Tags : vendor-advisory, x_refsource_MANDRIVA
                                http://rhn.redhat.com/errata/RHSA-2009-0256.html
                                Tags : vendor-advisory, x_refsource_REDHAT
                                http://www.securitytracker.com/id?1021666
                                Tags : vdb-entry, x_refsource_SECTRACK
                                http://secunia.com/advisories/33831
                                Tags : third-party-advisory, x_refsource_SECUNIA
                                http://secunia.com/advisories/33841
                                Tags : third-party-advisory, x_refsource_SECUNIA
                                http://secunia.com/advisories/33846
                                Tags : third-party-advisory, x_refsource_SECUNIA
                                http://secunia.com/advisories/33799
                                Tags : third-party-advisory, x_refsource_SECUNIA
                                http://www.securityfocus.com/bid/33598
                                Tags : vdb-entry, x_refsource_BID