Your submission was sent successfully! Close

CVE-2009-0354

Published: 4 February 2009

Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site scripting (XSS) attacks, via vectors involving a chrome XBL method and the window.eval function.

Priority

Low

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
dapper Not vulnerable

gutsy Not vulnerable

hardy Not vulnerable

intrepid Does not exist

upstream Not vulnerable

firefox-3.0
Launchpad, Ubuntu, Debian
dapper Does not exist

gutsy Needed
(reached end-of-life)
hardy
Released (3.0.6+nobinonly-0ubuntu0.8.04.1)
intrepid
Released (3.0.6+nobinonly-0ubuntu0.8.10.1)
upstream
Released (3.0.6)
iceape
Launchpad, Ubuntu, Debian
dapper Does not exist

gutsy Not vulnerable

hardy Does not exist

intrepid Does not exist

upstream Not vulnerable

iceweasel
Launchpad, Ubuntu, Debian
dapper Does not exist

gutsy Does not exist

hardy Does not exist

intrepid Does not exist

upstream Needs triage

seamonkey
Launchpad, Ubuntu, Debian
dapper Does not exist

gutsy Does not exist

hardy Not vulnerable

intrepid Not vulnerable

upstream Not vulnerable

xulrunner
Launchpad, Ubuntu, Debian
dapper Does not exist

gutsy Not vulnerable

hardy Not vulnerable

intrepid Not vulnerable

upstream Not vulnerable

xulrunner-1.9
Launchpad, Ubuntu, Debian
dapper Does not exist

gutsy Needed
(reached end-of-life)
hardy
Released (1.9.0.6+nobinonly-0ubuntu0.8.04.1)
intrepid
Released (1.9.0.6+nobinonly-0ubuntu0.8.10.1)
upstream
Released (1.9.0.6)