CVE-2009-0354

Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site scripting (XSS) attacks, via vectors involving a chrome XBL method and the window.eval function.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.6 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:N/I:P/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
VendorProductVersion
mozillafirefox
3.0
mozillafirefox
3.0:alpha
mozillafirefox
3.0:beta2
mozillafirefox
3.0:beta5
mozillafirefox
3.0.1
mozillafirefox
3.0.2
mozillafirefox
3.0.3
mozillafirefox
3.0.4
mozillafirefox
3.0.5
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
intrepid
dne
hardy
not-affected
gutsy
not-affected
dapper
not-affected
firefox-3.0
intrepid
Fixed 3.0.6+nobinonly-0ubuntu0.8.10.1
released
hardy
Fixed 3.0.6+nobinonly-0ubuntu0.8.04.1
released
gutsy
ignored
dapper
dne
iceape
intrepid
dne
hardy
dne
gutsy
not-affected
dapper
dne
iceweasel
intrepid
dne
hardy
dne
gutsy
dne
dapper
dne
seamonkey
intrepid
not-affected
hardy
not-affected
gutsy
dne
dapper
dne
xulrunner
intrepid
not-affected
hardy
not-affected
gutsy
not-affected
dapper
dne
xulrunner-1.9
intrepid
Fixed 1.9.0.6+nobinonly-0ubuntu0.8.10.1
released
hardy
Fixed 1.9.0.6+nobinonly-0ubuntu0.8.04.1
released
gutsy
ignored
dapper
dne
References