Your submission was sent successfully! Close

CVE-2009-0354

Published: 04 February 2009

Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site scripting (XSS) attacks, via vectors involving a chrome XBL method and the window.eval function.

Priority

Low

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
Upstream Not vulnerable

firefox-3.0
Launchpad, Ubuntu, Debian
Upstream
Released (3.0.6)
iceape
Launchpad, Ubuntu, Debian
Upstream Not vulnerable

iceweasel
Launchpad, Ubuntu, Debian
Upstream Needs triage

seamonkey
Launchpad, Ubuntu, Debian
Upstream Not vulnerable

xulrunner
Launchpad, Ubuntu, Debian
Upstream Not vulnerable

xulrunner-1.9
Launchpad, Ubuntu, Debian
Upstream
Released (1.9.0.6)