CVE-2009-1839
Last modified
CVE-2009-1839 is a vulnerability of currently unknown severity. Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with a file: URL loaded through the location bar, which allows user-assisted remote attackers to bypass intended access restrictions and read files via a crafted HTML document, aka a "file-URL-to-file-URL scripting" attack.. EPSS estimates a 7.12% chance of exploitation in the next 30 days.
Description
Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with a file: URL loaded through the location bar, which allows user-assisted remote attackers to bypass intended access restrictions and read files via a crafted HTML document, aka a "file-URL-to-file-URL scripting" attack.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Mozilla | Firefox | <= 3.0.10 | — |
| Mozilla | Firefox | 3.0 | — |
| Mozilla | Firefox | 3.0.1 | — |
| Mozilla | Firefox | 3.0.2 | — |
| Mozilla | Firefox | 3.0.3 | — |
| Mozilla | Firefox | 3.0.4 | — |
| Mozilla | Firefox | 3.0.5 | — |
| Mozilla | Firefox | 3.0.6 | — |
| Mozilla | Firefox | 3.0.7 | — |
| Mozilla | Firefox | 3.0.8 | — |
| Mozilla | Firefox | 3.0.9 | — |
| Mozilla | Firefox | 3.0beta5 | — |
| Mozilla | Firefox | 3.1 | Beta1 |
References
- http://secunia.com/advisories/35331Vendor Advisory
- http://secunia.com/advisories/35431Vendor Advisory
- http://www.vupen.com/english/advisories/2009/1572Patch, Vendor Advisory
- http://secunia.com/advisories/35331Vendor Advisory
- http://secunia.com/advisories/35431Vendor Advisory
- http://www.vupen.com/english/advisories/2009/1572Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2009-1839?
How severe is CVE-2009-1839?
How do I fix CVE-2009-1839?
Are you affected by CVE-2009-1839?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST