SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (E-mail Client)  >   Mozilla Thunderbird Vendors:   Mozilla.org
(Mozilla Has Issued a Fix for Thunderbird) Mozilla Firefox Bug in Processing Adobe Flash Contents Lets Remote Users Bypass Cross-Domain Restrictions
SecurityTracker Alert ID:  1022435
SecurityTracker URL:  http://securitytracker.com/id/1022435
CVE Reference:   CVE-2009-1307   (Links to External Site)
Date:  Jun 24 2009
Impact:   Disclosure of user information, Host/resource access via network, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Mozilla Firefox. A remote user can conduct cross-site request forgery attacks. Mozilla Thunderbird is affected.

A remote user can create specially crafted Adobe Flash content that, when loaded via the 'view-source:' scheme, will bypass cross-domain restrictions and will run with the privileges provided to local content.

The Flash content can connect to arbitrary resources via HTTP and conduct cross-site request forgery attacks.

The Flash content can read and write Local Shared Objects on the target system.

Mozilla SeaMonkey is affected.

Mozilla Thunderbird may be affected if plugins are enabled in mail (not the default setting).

Gregory Fleischer reported this vulnerability.

Impact:   A remote user can conduct cross-domain restrictions to conduct cross-site request forgery attacks.

A remote user can read and write shared objects on the target system.

Solution:   Mozilla has issued a fix for Thunderbird (2.0.0.22), which is affected by this vulnerability.

The Mozilla advisory is available at:

http://www.mozilla.org/security/announce/2009/mfsa2009-17.html

Vendor URL:  www.mozilla.org/security/announce/2009/mfsa2009-17.html (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry is a follow-up to the message listed below.
Apr 22 2009 Mozilla Firefox Bug in Processing Adobe Flash Contents Lets Remote Users Bypass Cross-Domain Restrictions



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, SecurityGlobal.net LLC