CVE-2009-0354
04.02.2009, 19:30
Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site scripting (XSS) attacks, via vectors involving a chrome XBL method and the window.eval function.
Vendor | Product | Version |
---|---|---|
mozilla | firefox | 3.0 |
mozilla | firefox | 3.0:alpha |
mozilla | firefox | 3.0:beta2 |
mozilla | firefox | 3.0:beta5 |
mozilla | firefox | 3.0.1 |
mozilla | firefox | 3.0.2 |
mozilla | firefox | 3.0.3 |
mozilla | firefox | 3.0.4 |
mozilla | firefox | 3.0.5 |
𝑥
= Vulnerable software versions

Ubuntu Releases
Ubuntu Product | |||||||||
---|---|---|---|---|---|---|---|---|---|
firefox |
| ||||||||
firefox-3.0 |
| ||||||||
iceape |
| ||||||||
iceweasel |
| ||||||||
seamonkey |
| ||||||||
xulrunner |
| ||||||||
xulrunner-1.9 |
|
References