Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

CVE-2009-0356

Published

14 years ago

Last Modified

4 weeks ago

CVSSv2.0 Severity

Medium

Impact Analysis

Mozilla Firefox before 3.0.6 and SeaMonkey do not block links to the (1) about:plugins and (2) about:config URIs from .desktop files, which allows user-assisted remote attackers to bypass the Same Origin Policy and execute arbitrary code with chrome privileges via vectors involving the URL field in a Desktop Entry section of a .desktop file, related to representation of about: URIs as jar:file:// URIs. NOTE: this issue exists because of an incomplete fix for CVE-2008-4582..

CVSSv2.0 Score

Severity: Medium
Base Score: 5.1/10
Exploit Score: 4.9/10
Access Vector: Network
Access Complexity: High
Authentication Required: None
Impact Score: 6.4/10
Confidentiality Impact: Partial
Availability Impact: Partial
Integrity Impact: Partial

Products Affected

CPE	Affected	Vulnerable	Excluding
cpe:2.3:a:mozilla:seamonkey::::::::	No	-	-
cpe:2.3:a:mozilla:firefox:0.1:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:0.9_rc:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:0.8:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:2.0.0.12:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:1.5:beta2::::::	Yes	-	-
cpe:2.3:a:mozilla:firefox:2.0_.7:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:1.5.2:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:1.5.0.6:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:1.8:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:2.0.0.2:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:1.5.0.10:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:1.5.0.3:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox::::::::	Yes	-	-
cpe:2.3:a:mozilla:firefox:1.5.0.11:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:1.5.4:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:1.0.2:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:3.0.4:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:1.5:beta1::::::	Yes	-	-
cpe:2.3:a:mozilla:firefox:2.0_8:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:2.0_.9:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:1.5:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:0.9.1:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:1.0.4:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:2.0.0.7:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:1.0.7:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:2.0.0.9:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:0.10.1:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:2.0_.1:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:0.9:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:2.0.0.16:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:3.0:beta2::::::	Yes	-	-
cpe:2.3:a:mozilla:firefox:1.5.6:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:2.0.0.17:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:0.7:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:2.0.0.15:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:0.2:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:0.3:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:2.0_.10:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:1.0:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:3.0.3:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:1.5.0.7:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:2.0:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:1.0.1:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:2.0:beta1::::::	Yes	-	-
cpe:2.3:a:mozilla:firefox:2.0.0.14:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:0.6:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:0.7.1:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:1.5.0.8:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:2.0_.5:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:2.0.0.3:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:1.5.0.9:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:1.5.0.5:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:1.5.7:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:1.5.0.12:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:2.0.0.6:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:3.0:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:2.0.0.11:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:1.5.0.2:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:1.0.3:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:3.0.1:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:2.0.0.4:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:0.5:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:0.6.1:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:1.5.1:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:0.9.3:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:2.0.0.13:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:2.0.0.18:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:2.0:rc2::::::	Yes	-	-
cpe:2.3:a:mozilla:firefox:2.0.0.1:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:3.0.2:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:2.0_.6:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:2.0_.4:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:1.5.5:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:0.9.2:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:1.0:preview_release::::::	Yes	-	-
cpe:2.3:a:mozilla:firefox:2.0:beta_1::::::	Yes	-	-
cpe:2.3:a:mozilla:firefox:2.0.0.8:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:3.0:beta5::::::	Yes	-	-
cpe:2.3:a:mozilla:firefox:0.9:rc::::::	Yes	-	-
cpe:2.3:a:mozilla:firefox:1.5.8:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:1.5.3:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:0.4:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:1.5.0.4:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:1.5.0.1:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:0.10:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:1.0.5:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:2.0.0.5:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:2.0.0.10:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:2.0:rc3::::::	Yes	-	-
cpe:2.3:a:mozilla:firefox:3.0:alpha::::::	Yes	-	-
cpe:2.3:a:mozilla:firefox:1.0.6:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:1.0.8:::::::*	Yes	-	-

Free and open-source vulnerability scanner

Available for macOS, Windows, and Linux

CVE-2009-0356

Published

Last Modified

CVSSv2.0 Severity

Impact Analysis

Share

CVSSv2.0 Score

Products Affected

References

Free and open-source vulnerability scanner

Available for macOS, Windows, and Linux

CVE-2009-0356

CVE information

Published

Last Modified

CVSSv2.0 Severity

Impact Analysis

Share

Description

CVSSv2.0 Score

Products Affected

References