The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2009-04-22T18:00:00
Updated: 2018-10-03T20:57:01
Reserved: 2009-04-16T00:00:00
Link: CVE-2009-1307
JSON object: View
NVD Information
Status : Modified
Published: 2009-04-22T18:30:00.297
Modified: 2018-10-03T21:59:49.337
Link: CVE-2009-1307
JSON object: View
Redhat Information
No data.
CWE