CVE-2009-0355

components/sessionstore/src/nsSessionStore.js in Mozilla Firefox before 3.0.6 does not block changes of INPUT elements to type="file" during tab restoration, which allows user-assisted remote attackers to read arbitrary files on a client machine via a crafted INPUT element.
References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html
http://rhn.redhat.com/errata/RHSA-2009-0256.html
http://secunia.com/advisories/33799 Vendor Advisory
http://secunia.com/advisories/33808 Vendor Advisory
http://secunia.com/advisories/33809 Vendor Advisory
http://secunia.com/advisories/33816 Vendor Advisory
http://secunia.com/advisories/33831 Vendor Advisory
http://secunia.com/advisories/33841 Vendor Advisory
http://secunia.com/advisories/33846 Vendor Advisory
http://secunia.com/advisories/33869 Vendor Advisory
http://secunia.com/advisories/34324 Vendor Advisory
http://secunia.com/advisories/34417 Vendor Advisory
http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm
http://www.mandriva.com/security/advisories?name=MDVSA-2009:044
http://www.mozilla.org/security/announce/2009/mfsa2009-03.html Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2009-0257.html
http://www.redhat.com/support/errata/RHSA-2009-0258.html
http://www.securityfocus.com/bid/33598 Patch
http://www.securitytracker.com/id?1021665
http://www.ubuntu.com/usn/usn-717-1
http://www.ubuntu.com/usn/usn-717-2
http://www.vupen.com/english/advisories/2009/0313
https://bugzilla.mozilla.org/show_bug.cgi?id=466937
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9161
https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00240.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html
http://rhn.redhat.com/errata/RHSA-2009-0256.html
http://secunia.com/advisories/33799 Vendor Advisory
http://secunia.com/advisories/33808 Vendor Advisory
http://secunia.com/advisories/33809 Vendor Advisory
http://secunia.com/advisories/33816 Vendor Advisory
http://secunia.com/advisories/33831 Vendor Advisory
http://secunia.com/advisories/33841 Vendor Advisory
http://secunia.com/advisories/33846 Vendor Advisory
http://secunia.com/advisories/33869 Vendor Advisory
http://secunia.com/advisories/34324 Vendor Advisory
http://secunia.com/advisories/34417 Vendor Advisory
http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm
http://www.mandriva.com/security/advisories?name=MDVSA-2009:044
http://www.mozilla.org/security/announce/2009/mfsa2009-03.html Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2009-0257.html
http://www.redhat.com/support/errata/RHSA-2009-0258.html
http://www.securityfocus.com/bid/33598 Patch
http://www.securitytracker.com/id?1021665
http://www.ubuntu.com/usn/usn-717-1
http://www.ubuntu.com/usn/usn-717-2
http://www.vupen.com/english/advisories/2009/0313
https://bugzilla.mozilla.org/show_bug.cgi?id=466937
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9161
https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00240.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.7.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9_rc:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:beta_1:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:beta1:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:rc3:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.15:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.16:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.17:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.18:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0_.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0_.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0_.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0_.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0_.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0_.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0_.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0_8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0:alpha:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0:beta5:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*

History

21 Nov 2024, 00:59

Type Values Removed Values Added
References () http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html - () http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html -
References () http://rhn.redhat.com/errata/RHSA-2009-0256.html - () http://rhn.redhat.com/errata/RHSA-2009-0256.html -
References () http://secunia.com/advisories/33799 - Vendor Advisory () http://secunia.com/advisories/33799 - Vendor Advisory
References () http://secunia.com/advisories/33808 - Vendor Advisory () http://secunia.com/advisories/33808 - Vendor Advisory
References () http://secunia.com/advisories/33809 - Vendor Advisory () http://secunia.com/advisories/33809 - Vendor Advisory
References () http://secunia.com/advisories/33816 - Vendor Advisory () http://secunia.com/advisories/33816 - Vendor Advisory
References () http://secunia.com/advisories/33831 - Vendor Advisory () http://secunia.com/advisories/33831 - Vendor Advisory
References () http://secunia.com/advisories/33841 - Vendor Advisory () http://secunia.com/advisories/33841 - Vendor Advisory
References () http://secunia.com/advisories/33846 - Vendor Advisory () http://secunia.com/advisories/33846 - Vendor Advisory
References () http://secunia.com/advisories/33869 - Vendor Advisory () http://secunia.com/advisories/33869 - Vendor Advisory
References () http://secunia.com/advisories/34324 - Vendor Advisory () http://secunia.com/advisories/34324 - Vendor Advisory
References () http://secunia.com/advisories/34417 - Vendor Advisory () http://secunia.com/advisories/34417 - Vendor Advisory
References () http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm - () http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm -
References () http://www.mandriva.com/security/advisories?name=MDVSA-2009:044 - () http://www.mandriva.com/security/advisories?name=MDVSA-2009:044 -
References () http://www.mozilla.org/security/announce/2009/mfsa2009-03.html - Vendor Advisory () http://www.mozilla.org/security/announce/2009/mfsa2009-03.html - Vendor Advisory
References () http://www.redhat.com/support/errata/RHSA-2009-0257.html - () http://www.redhat.com/support/errata/RHSA-2009-0257.html -
References () http://www.redhat.com/support/errata/RHSA-2009-0258.html - () http://www.redhat.com/support/errata/RHSA-2009-0258.html -
References () http://www.securityfocus.com/bid/33598 - Patch () http://www.securityfocus.com/bid/33598 - Patch
References () http://www.securitytracker.com/id?1021665 - () http://www.securitytracker.com/id?1021665 -
References () http://www.ubuntu.com/usn/usn-717-1 - () http://www.ubuntu.com/usn/usn-717-1 -
References () http://www.ubuntu.com/usn/usn-717-2 - () http://www.ubuntu.com/usn/usn-717-2 -
References () http://www.vupen.com/english/advisories/2009/0313 - () http://www.vupen.com/english/advisories/2009/0313 -
References () https://bugzilla.mozilla.org/show_bug.cgi?id=466937 - () https://bugzilla.mozilla.org/show_bug.cgi?id=466937 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9161 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9161 -
References () https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00240.html - () https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00240.html -
References () https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html - () https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html -
References () https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html - () https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html -

Information

Published : 2009-02-04 19:30

Updated : 2024-11-21 00:59


NVD link : CVE-2009-0355

Mitre link : CVE-2009-0355

CVE.ORG link : CVE-2009-0355


JSON object : View

Products Affected

mozilla

  • firefox
CWE
CWE-264

Permissions, Privileges, and Access Controls